We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Let's Encrypt for VestaCP System (8083) and exim4
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
@JakeTheDog420:
Such discouraging statements only show your innocence and unfamiliarity with the Linux system.
As my friend ScIT mentioned...this is an actively involved community... FREE Service... not paid for the time and efforts involved here. So do not compare this with the Spoon-fed bloatware yet expensive shit like cPanel. Infact I feel VestaCP is the only free Web Panel after Webmin to actually provide such an easy interface yet also LEARN Linux and the underlying configs.
Please do keep patience and read. Do not shame the community for not being active, we are trying our best with the time and efforts we have.
Such discouraging statements only show your innocence and unfamiliarity with the Linux system.
As my friend ScIT mentioned...this is an actively involved community... FREE Service... not paid for the time and efforts involved here. So do not compare this with the Spoon-fed bloatware yet expensive shit like cPanel. Infact I feel VestaCP is the only free Web Panel after Webmin to actually provide such an easy interface yet also LEARN Linux and the underlying configs.
Please do keep patience and read. Do not shame the community for not being active, we are trying our best with the time and efforts we have.
-
- Posts: 14
- Joined: Sun Sep 24, 2017 6:00 am
Re: Let's Encrypt for VestaCP System (8083) and exim4
I wasn't trying to shame the community simply pointing out the fact its a shame it isn't more active. I understand you're trying your best with your time please don't take my message offensively. And you are correct I am unfamiliar with linux but I am trying to learn.mehargags wrote:@JakeTheDog420:
Such discouraging statements only show your innocence and unfamiliarity with the Linux system.
As my friend ScIT mentioned...this is an actively involved community... FREE Service... not paid for the time and efforts involved here. So do not compare this with the Spoon-fed bloatware yet expensive shit like cPanel. Infact I feel VestaCP is the only free Web Panel after Webmin to actually provide such an easy interface yet also LEARN Linux and the underlying configs.
Please do keep patience and read. Do not shame the community for not being active, we are trying our best with the time and efforts we have.
Also ScIT please could you go into further detail about the key mismatch? It seems my problem hasn't gone away and I'm trying now to figure a way to fix it without having to start fresh as I have some site files and email accounts configured I dont want to loose.
I think I may have removed the default domain and now it hasnt refreshed the certificate like you said but I am not 100%... What's the best route I can take to get back into vestacp? port 8083 is being refused and when I try to restart the service through terminal I get this error.
Code: Select all
[....] Restarting vesta-nginx: vesta-nginxnginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
All the best
JakeTheDog
-
- Posts: 14
- Joined: Sun Sep 24, 2017 6:00 am
Re: Let's Encrypt for VestaCP System (8083) and exim4
ScIT wrote:The forum is not inactiv, here is still life :).JakeTheDog420 wrote: Shame this forum isn't more active I feel like vesta has a lot to offer but without an active community many people probably move to cpanel or possibly even other free options with more active communities.. Anyway I'll post this in the other places I saw similar issues where I posted looking for help here so maybe it can help others (Y)For the missmatch problem it is quite simple: The published script just compares and copy the cert files, like you wrote on your post (you do just the steps manualy, missed to set the permission).JakeTheDog420 wrote: Starting vesta-nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
The script is only a few lines long and also do not use complicated commands. So if you configure it properly (set the right user and domain name) the script will work without any troubles. Also you should not delete the web domain you used for the let's encrypt domain. otherwise the cert will not be refreshed anymore.
For VestaCP there is a bit of linux base knowledge needed, to understand his processes and how it is working. Maybe have a look at the script, try to understand what it does and also maybe why it could not work on your system (or why it stopped working after some time).
I realised the issue is with your script do you think you'd be able to tell me the correct commands to use im place of your script?
I'm running on a Debian 7 server I think although it might be debian 8 now...
I get the following error emailed to me from the cron job...
Code: Select all
/etc/cron.daily/exim4-base:
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
/etc/cron.daily/vesta_ssl:
/etc/cron.daily/vesta_ssl: line 5: if: command not found
/etc/cron.daily/vesta_ssl: line 6: /home/admin/conf/web/ssl.REDACTED.com.pem: Permission denied
cp: missing destination file operand after `/home/admin/conf/web/ssl.REDACTED.com.key'
Try `cp --help' for more information.
chown: missing operand after `root:mail'
Try `chown --help' for more information.
To get the mismatch to work I do parts of the script manually which works. Its the automation part of your script which is broken/not set up for this OS maybe?
Code: Select all
cp $cert_src $cert_dst
# Copy Keyfile
cp $key_src $key_dst
# Change Permission
chown root:mail $cert_dst
chown root:mail $key_dst
# Restart Services
service vesta restart &> /dev/null
service exim4 restart &> /dev/null
Its the if statements etc that aren't being recognised I think so yes any help would be greatly appreciated as currently I just have to wait for the sites control panel to randomly stop working then issue a new certificate and manually do these commands myself...
Didn't have these issues prior to using your script..
Thanks in advance
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
For the Exim environment error you are getting
run
if you get " Warning: purging the environment."
and at the top put this
run
Code: Select all
exim4 -bP | grep environment
Code: Select all
nano /etc/exim4/exim4.conf.template
Code: Select all
add_environment=<; PATH=/bin:/usr/bin
keep_environment=
-
- Posts: 14
- Joined: Sun Sep 24, 2017 6:00 am
Re: Let's Encrypt for VestaCP System (8083) and exim4
Amazing thank you! This basically fixed my issue! From here I was able to figure out the remaining issue with the script! Seems the if statement was copied wrong so was on the same line as the previous command! Now I spaced it all out correctly along with the code you told me to add I restarted exim and tried running ./vesta_ssl manually and got NO errors at all! Not sure if this fixes my SSL issue long-term only time will tell for that but your fix is greatly appreciated!! :)mehargags wrote:For the Exim environment error you are getting
runif you get " Warning: purging the environment."Code: Select all
exim4 -bP | grep environment
and at the top put thisCode: Select all
nano /etc/exim4/exim4.conf.template
Code: Select all
add_environment=<; PATH=/bin:/usr/bin keep_environment=
Hope there's no hard feelings between us!
Re: Let's Encrypt for VestaCP System (8083) and exim4
Hello,
I added this script to /etc/cron.daily manually using SFTP, I checked permission, double checked the script options.
Unfortunately, I can't see any changes. No error, No success!
I'm using Ubuntu 16, with Vesta installer script default configuration (Apache, Nginx, PHP7)
Is this script still working please?
I added this script to /etc/cron.daily manually using SFTP, I checked permission, double checked the script options.
Unfortunately, I can't see any changes. No error, No success!
I'm using Ubuntu 16, with Vesta installer script default configuration (Apache, Nginx, PHP7)
Is this script still working please?
Re: Let's Encrypt for VestaCP System (8083) and exim4
The script is working, please use ssh to check if it works when you run it manualy ./vesta_ssl.sifur wrote:Hello,
I added this script to /etc/cron.daily manually using SFTP, I checked permission, double checked the script options.
Unfortunately, I can't see any changes. No error, No success!
I'm using Ubuntu 16, with Vesta installer script default configuration (Apache, Nginx, PHP7)
Is this script still working please?
Re: Let's Encrypt for VestaCP System (8083) and exim4
The script doesn't work in Debian or Ubuntu as Exim4 uses here the Debian-exim user and Debian-exim group instead of mail.
So
should be in Debian/Ubuntu
Would be good to have a variable to configure this and a hint. :)
So
Code: Select all
# Change Permission
chown root:mail $cert_dst
chown root:mail $key_dst
Code: Select all
# Change Permission
chown root:Debian-exim $cert_dst
chown root:Debian-exim $key_dst
Re: Let's Encrypt for VestaCP System (8083) and exim4
Can you share your ubuntu and debian version? my script runs perfectly on ubuntu 14.04 and 16.04henri wrote:The script doesn't work in Debian or Ubuntu as Exim4 uses here the Debian-exim user and Debian-exim group instead of mail.
Soshould be in Debian/UbuntuCode: Select all
# Change Permission chown root:mail $cert_dst chown root:mail $key_dst
Would be good to have a variable to configure this and a hint. :)Code: Select all
# Change Permission chown root:Debian-exim $cert_dst chown root:Debian-exim $key_dst
Re: Let's Encrypt for VestaCP System (8083) and exim4
Sorry I was wrong. I thought I used the mail group some time ago and it doesn't work but maybe that was another problem.
I realized now that Vesta adds the Debian-exim user to the mail group in the Debian install script.
https://github.com/serghey-rodin/vesta/ ... n.sh#L1049
I realized now that Vesta adds the Debian-exim user to the mail group in the Debian install script.
https://github.com/serghey-rodin/vesta/ ... n.sh#L1049