We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Let's Encrypt for VestaCP System (8083) and exim4
Re: Let's Encrypt for VestaCP System (8083) and exim4
Not as far as I'm aware. You would need to really setup the SSL cert on your main domain, and then get everyone to just use that (i.e mail.servername.com)
-
- Posts: 12
- Joined: Tue Jan 16, 2018 2:58 am
- Os: CentOS 6x
- Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
Congratz, you can register on the board and copy&paste your 3 line shell "solution" without any comment in two posts (here and viewtopic.php?p=56134#p56134). But can you answer me also a question? What will happen after 90days? If not, I will tell you: VestaCP backend will be outdated because you have to restart vesta service after changing/renewing the ssl cert.
So maybe next time: Read the thread where you are posting such a bullshit and try to understand, why it can maybe not work. Thanks.
I LOLed so hard .....
Re: Let's Encrypt for VestaCP System (8083) and exim4
Hi sorry. I missed this post OR i overlooked ontime. I feel your point is true as need to restart the VESTA/EXIM/FTP etc.,ScIT wrote: ↑Sun Apr 29, 2018 5:24 amWhat do you do, if the let's encrypt cert will be regenerated (normaly after 2 months)? As far as I know, you have to restart the service(s) for providing the new cert, otherwise it will be outdated/invalid. That was also a point, to do this script, because it was the only way for now to restart affected services (in my envroiment vsftpd, vesta and exim4).
But, what is the current 'v-update-letsencrypt-ssl' ?
I think, the restarting of the available mandatory services are could be done with the above script as default. This will keep the script as professional. (Myself im using my server hostname, VestaCP, Exim & Vsftp all using same SSL).
Or may send a Service-Restart reminder to the root email (If the root domain SSL has updated via the above script)
-
- Posts: 20
- Joined: Sat Sep 16, 2017 9:25 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
Thank You Sooo Much!!! it is very helpful for me and i have solved my mail server issues....ScIT wrote: ↑Wed Nov 09, 2016 10:06 amVestaCP has now a integrated way to solve the request: viewtopic.php?f=10&t=17353
Hi @ all
For our internal VestaCP Systems I've written a short script to use the Let's Encrypt SSL Certificates for VestaCP (8083) and exim4.
First of all:
- Create your domain in WEB (for example server.domain.tld)
- Add a Let's Encrypt Certificate with v-add-letsencrypt-domain user domain
- Create and modify the script you will find here: https://git.scit.ch/rs/VestaCP-SystemSSL
Tested on Ubuntu 14.04 and Debian 8.
Please let me know if it also works for you, if you have any problems post it here or use the "Issue"-Function from our GitLab Server.
Why you should use this way instead of "create only symlinks of the cert files": viewtopic.php?p=56451#p56428
Extra Thank for this script https://git.scit.ch/rs/VestaCP-SystemSSL
Re: Let's Encrypt for VestaCP System (8083) and exim4
I see no reason why you can't put aliases in your web domain for the mail servers you want to be in that certificate. Just add them in the aliases.
Re: Let's Encrypt for VestaCP System (8083) and exim4
Hello all,
/etc/exim4/exim4.conf.template
symlinked
root@mail:/usr/local/vesta/ssl# ls -la
set group and permission
root@mail:/home/admin/conf/web# ls -la
restarted exim4 service but, I still get the following error on Exim log.
I'm using LetsEncrypt certificates and they seem to working fine over HTTPS.
rebooted, copy cert files instead of symlinked but stiil have same error.
Why is this happening? Have you had any success resolving this issue?
/etc/exim4/exim4.conf.template
Code: Select all
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
root@mail:/usr/local/vesta/ssl# ls -la
Code: Select all
total 8
drw-rw---- 2 root mail 4096 Apr 28 09:10 .
drwxr-xr-x 16 root root 4096 Apr 24 11:45 ..
lrwxrwxrwx 1 root root 41 Apr 28 09:09 certificate.crt -> /home/admin/conf/web/ssl.domain.mn.crt
lrwxrwxrwx 1 root root 41 Apr 28 09:10 certificate.key -> /home/admin/conf/web/ssl.domain.mn.key
root@mail:/home/admin/conf/web# ls -la
Code: Select all
-rw-rw---- 1 root root 1674 Apr 28 09:07 ssl.domain.mn.ca
-rw-r--r-- 1 root mail 2273 Apr 28 09:07 ssl.domain.mn.crt
-rw-r--r-- 1 root mail 3243 Apr 28 09:07 ssl.domain.mn.key
-rw-rw---- 1 root root 3948 Apr 28 09:07 ssl.domain.mn.pem
Code: Select all
2020-04-28 12:15:49 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.
rebooted, copy cert files instead of symlinked but stiil have same error.
Why is this happening? Have you had any success resolving this issue?
Re: Let's Encrypt for VestaCP System (8083) and exim4
If you are just trying to assign a SSL cert to the mail stuff (or vescacp admin for that matter), you can do it at:
https://foo.com:8083/edit/server/
So login as "admin", then "Server"> "Configure" (on the server itself). If you expand the mail option you can then see the option to "Use Web Domain SSL Certificate "
I only noticed this on a new build I did - so I'm not sure what version is came out in. Hope that helps
Andy
https://foo.com:8083/edit/server/
So login as "admin", then "Server"> "Configure" (on the server itself). If you expand the mail option you can then see the option to "Use Web Domain SSL Certificate "
I only noticed this on a new build I did - so I'm not sure what version is came out in. Hope that helps
Andy
Re: Let's Encrypt for VestaCP System (8083) and exim4
root@mail:~# v-list-sys-vesta-updates
Try you suggestion but still get error.
2020-04-28 14:38:25 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/mail.crt key=/usr/local/vesta/ssl/mail.key): Error while reading file.
Code: Select all
PKG VER REL ARCH UPDT DATE
--- --- --- ---- ---- ----
vesta 0.9.8 26 amd64 yes 2020-04-24
vesta-php 0.9.8 26 amd64 yes 2020-04-24
vesta-nginx 0.9.8 26 amd64 yes 2020-04-24
vesta-ioncube 0.9.8 26 amd64 yes 2020-04-24
vesta-softaculous 0.9.8 26 amd64 yes 2020-04-24
2020-04-28 14:38:25 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/mail.crt key=/usr/local/vesta/ssl/mail.key): Error while reading file.
Re: Let's Encrypt for VestaCP System (8083) and exim4
Did you remove your copies / symlinks first?
Re: Let's Encrypt for VestaCP System (8083) and exim4
YES
Code: Select all
root@mail:/usr/local/vesta/ssl# ls -la
total 16
drw-rw---- 2 root mail 4096 Apr 28 15:17 .
drwxr-xr-x 16 root root 4096 Apr 24 11:45 ..
-rw-r----- 1 root mail 3948 Apr 28 15:17 mail.crt
-rw-r--r-- 1 root mail 3243 Apr 28 15:17 mail.key