Let's Encrypt for VestaCP System (8083) and exim4
Re: Let's Encrypt for VestaCP System (8083) and exim4
billmedina wrote: ↑Tue Jan 31, 2017 10:32 pm
> ln -s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
> ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
> service vesta restart

Thanks, the best way, if you don't need SSL for Exim.
My VestaCP under Ubuntu 16.04 didn't have such paths, so the mod will be:
ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key
Re: Let's Encrypt for VestaCP System (8083) and exim4
Vladimir Chanaev wrote: ↑Mon Feb 12, 2018 10:50 am
> Thanks, the best way, if you don't need SSL for Exim.
> My VestaCP under Ubuntu 16.04 didn't have such paths, so the mod will be:
> ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
> ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key

Well, you still need to restart the vesta service, so this will still not do the full job...
Re: Let's Encrypt for VestaCP System (8083) and exim4
Make symlinks (shortcuts) for the crt & key files from the server's domain name SSL files. So whenever you renew your LE cert for the Vesta panel's domain, it will be used by vesta:8083 automatically.
SSL for Vesta CP:
(The script below will make a shortcut for VestaCP's main crt/key files from main-domain.com domain's certs & make it executable 0644.)
If you didn't do the 0644 > you will get cert files read failed.
Code: Select all
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').crt"
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').key"
ln -s /home/admin/conf/web/ssl.main-domain.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.main-domain.com.key /usr/local/vesta/ssl/certificate.key
chmod 0644 /usr/local/vesta/ssl/certificate.crt
chmod 0644 /usr/local/vesta/ssl/certificate.key
service vesta restart
Re: Let's Encrypt for VestaCP System (8083) and exim4
This is what I use on my servers:
https://git.scit.ch/rs/VestaCP-SystemSSL
Then just set up a cron to run daily.
Andy
Re: Let's Encrypt for VestaCP System (8083) and exim4
youradds wrote: ↑Fri Mar 16, 2018 10:55 am
> This is what I use on my servers:
> https://git.scit.ch/rs/VestaCP-SystemSSL
> Then just set up a cron to run daily.
> Andy

But curious, why not just make it as a symlink, instead of need of another cron daily?
If there is a reason, I may follow..
Re: Let's Encrypt for VestaCP System (8083) and exim4
This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)
Re: Let's Encrypt for VestaCP System (8083) and exim4
Ah ok. I may use that on a future server build then :) I had a lot of issues getting the SSL certs to work for the mail stuff, which is why I went for that solution.
Re: Let's Encrypt for VestaCP System (8083) and exim4
What do you do if the Let's Encrypt cert is regenerated (normally after 2 months)? As far as I know, you have to restart the service(s) to provide the new cert, otherwise it will be outdated/invalid. That was also a reason for doing this script, because it was the only way for now to restart the affected services (in my environment vsftpd, vesta and exim4).
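The restart concern raised in the post above, as an added example that is not part of the thread or of the linked VestaCP-SystemSSL script: a cron-friendly shell function that restarts the services only when the certificate behind the symlink has actually changed. The state-file path and the `SERVICES` and `RESTART` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): restart the services that read the
# symlinked certificate only when the file behind the symlink has changed.
# Hypothetical cron usage (script name and state path are placeholders):
#   sh cert-restart.sh /usr/local/vesta/ssl/certificate.crt /var/lib/vesta-cert.sha256

# Assumptions: the service list follows the post above; RESTART is
# overridable so the logic can be exercised without touching real services.
SERVICES="${SERVICES:-vesta exim4 vsftpd}"
RESTART="${RESTART:-service}"

# Print the SHA-256 of the file a path resolves to (symlinks are followed).
cert_digest() {
    sha256sum < "$1" | cut -d' ' -f1
}

# restart_if_renewed CERT STATE
# Returns 0 when nothing changed or every restart succeeded, 1 when a
# restart failed, 2 when the certificate cannot be read (dangling symlink).
restart_if_renewed() {
    cert=$1; state=$2
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    new=$(cert_digest "$cert")
    old=$(cat "$state" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 0
    rc=0
    for svc in $SERVICES; do
        $RESTART "$svc" restart || rc=1
    done
    # Record the digest only after every restart succeeded, so a failed
    # restart is retried on the next cron run.
    [ "$rc" -eq 0 ] && printf '%s\n' "$new" > "$state"
    return "$rc"
}

# Run only when called with arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || restart_if_renewed "$@"
```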
Re: Let's Encrypt for VestaCP System (8083) and exim4
How can we certify multiple domains? Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com
Is there any way to create a certificate that works for all domains?