
Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it Topic is solved

Section with additional software for Vesta
apachler
Posts: 6
Joined: Wed Sep 21, 2016 10:57 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby apachler » Mon Dec 12, 2016 8:42 pm

ok, thank you!

So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?

delebash
Posts: 22
Joined: Mon Aug 24, 2015 5:28 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby delebash » Mon Dec 12, 2016 9:54 pm

Feature you may want to consider.

Generating Strong Diffie-Hellman Group
see viewtopic.php?t=11425
For Nginx

Run below to create a strong Diffie-Hellman group.


sudo openssl dhparam -out /etc/nginx/dhparams.pem 4096
or 2048

This code also disables ssl_protocols except for TLSv1.2 for modern browsers, but you don't have to; just leave ssl_protocols as it was originally.


sudo nano /etc/nginx/nginx.conf

Find Line # SSL PCI Compliance and replace with


# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;


Restart nginx
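
A caveat on the add_header lines in the post above, as an added example that is not part of the original post: nginx inherits add_header from the enclosing level only when the current level defines no add_header of its own, so a server or location block that sets any header stops sending the HSTS and other headers set in nginx.conf. The shell function below reports such blocks; the names dropped_headers and sample_conf and the sample config are made up for this illustration.

```shell
# Added example, not from the thread. Assumes one directive per line and
# "{" ending the line that opens a block. Prints "<block> drops <header>"
# where a block's own add_header lines cancel inherited headers.
dropped_headers() {
  awk '
    BEGIN { n = 0; cur = 0; label[0] = "top level" }
    {
      sub(/#.*/, "")                      # strip comments (naive)
      if ($0 ~ /[{][ \t]*$/) {            # a block opens
        n++; parent[n] = cur; cur = n
        sub(/[ \t]*[{][ \t]*$/, ""); sub(/^[ \t]+/, "")
        label[n] = $0 " (line " NR ")"
      } else if ($1 == "}") {             # a block closes
        cur = parent[cur]
      } else if ($1 == "add_header") {
        own[cur] = own[cur] " " $2
        has[cur, tolower($2)] = 1
      }
    }
    END {
      for (b = 0; b <= n; b++) {
        inherited = (b > 0) ? eff[parent[b]] : ""
        if (own[b] == "") { eff[b] = inherited; continue }
        eff[b] = own[b]                   # own lines replace, never extend
        m = split(inherited, h, " ")
        for (i = 1; i <= m; i++)
          if (!((b, tolower(h[i])) in has))
            print label[b] " drops " h[i]
      }
    }
  ' "$@"
}

# Constructed sample: the three headers from the post at http level, plus
# a location that sets a header of its own.
sample_conf() {
  cat <<'EOF'
http {
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    server {
        location /static/ {
            add_header Cache-Control "public";
        }
    }
}
EOF
}
sample_conf | dropped_headers
```

Pass a config file as the argument (or pipe one in) to check it; any block it lists needs the dropped headers repeated inside that block.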

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Thu Dec 15, 2016 10:42 am

apachler wrote:ok, thank you!

So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?

Yes.

amitz
Posts: 49
Joined: Mon Nov 09, 2015 10:52 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby amitz » Fri Dec 16, 2016 2:48 pm

Hello,

I do get this error although I have installed the latest pip version:

pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

How to fix this?

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Mon Dec 19, 2016 10:00 am

amitz wrote:Hello,

I do get this error although I have installed the latest pip version:

pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

How to fix this?


It's related to the letsencrypt certbot script (downloaded from https://github.com/certbot/certbot ) - and I can't provide support for it (because I didn't develop it).
Feel free to ask this question on their official support forum - https://github.com/certbot/certbot/issues - or - https://community.letsencrypt.org/

kinnth
Posts: 11
Joined: Tue Dec 20, 2016 10:42 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby kinnth » Wed Dec 21, 2016 1:59 pm

Read through the beginning and the end of the thread. It sounds like a very good script, and would it not be good to incorporate it directly into VESTA as a button next to the SSL check box?

When I tried the let's encrypt button, I didn't get my details filled in and had some issues.

My question is, as this is a very old post: is the current version of the script from the OP still working and in use with the latest VESTA? Should I download and run it, or is the native VESTA operation now better and working well?

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Wed Dec 21, 2016 9:50 pm

Script will not be incorporated into Vesta because Vesta has its own LetsEncrypt implementation.

But there are two reasons why my script exists.

1) As you already said, Vesta's LE implementation still does not work very well

2) Still there is no option in GUI to implement LE cert to all daemons


Current version of my script works fine with latest VestaCP.

Harry77
Posts: 10
Joined: Tue Jun 28, 2016 5:51 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby Harry77 » Fri Jan 06, 2017 5:46 am

I can't use this script anymore,
I installed vestacp on a clean server but I get:

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

Even if I update pip to version 9.0.1.

I tried with a clean vestacp install on centos 6 64, centos 6 32, centos 7 64, debian 7 and ubuntu 16.10.

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby dpeca » Wed Jan 11, 2017 3:52 pm

It's a bug in https://github.com/letsencrypt/letsencrypt
I will check what is going on.

dpeca
Collaborator
Posts: 239
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it  Topic is solved

Postby dpeca » Fri Jan 27, 2017 3:06 pm

Checked, everything is working just fine on Debian 8.7, there is no bug.

