how to install letsencrypts ssl for the vestacp admin panel

[ScIT]

Just want to share "my solution" for Let's Encrypt on VestaCP: viewtopic.php?f=19&t=13057

Works for me on all servers in my encroiment.

[Loc_rabbirt]

Guys,

I can confirm the following with 9.8.17 if you would like the following SSL encrypted sites.

If you would like your primary VestaCP website e.g. https://myserver.com:8083 SSL'ed then follow @dpeca method above. NOTE: This method does not automatically give you https://www.myserver.com:8083. You have to specify it in the command e.g.

Code: Select all

./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/myserver.com/public_html -d myserver.com,www.myserver.com

Once completed, create CRON job to automatically renew https://myserver.com:8083

Now you if you want https://www.myserver.com & https://myserver.com you can go to the GUI and enable.
To do that.
1. Go to https://myserver.com:8083
2. Click "Web"
3. Move mouse to myserver.com and click "edit"
4. Check box "SSL Support" and now check box "Lets Encrypt Support"
5. Move down to bottom of page and click "Save".

This may take 5-30 seconds to save while it creates the Lets Encrypt certificates. You should receive a "Changes have been saved" message if OK.

Open Browser and ensure you clear all content / cookies / etc. and check the above

This mean if I want add ssl to myserver:8083, I will need add it from let's encrypt cli first, then go to vesta dashboard and add it again by using ssl gui from vestacp? Little confused for me.

In my case, I'm trying using ssl to cert for myserver from vestacp gui but the myserver:8083 don't have ssl.

[nitish]

In the latest release of 17 of 0.9.8, you can use Vesta web interface to generate a SSL and assign the certificate to panel, exim. Here's how:

1) If the hostname is sever1.example.com, add a web domain for it in vesta interface.
2) Click edit and checkmark 'SSL Support' and 'Lets Encrypt Support'. It will generate Cert, Key and CA cert. Copy it temporarily to a text file.
3) Now go to /list/server/ and click Configure. Under Vesta SSL paste the cert and key. In 'SSL Certificate' first copy the cert and below that the ca cert and in 'SSL Key' paste the key.
4) That's it, now SSL will be enabled for panel as well as exim which has been configured to use vesta SSL.

[ScIT]

In the latest release of 17 of 0.9.8, you can use Vesta web interface to generate a SSL and assign the certificate to panel, exim. Here's how:

1) If the hostname is sever1.example.com, add a web domain for it in vesta interface.
2) Click edit and checkmark 'SSL Support' and 'Lets Encrypt Support'. It will generate Cert, Key and CA cert. Copy it temporarily to a text file.
3) Now go to /list/server/ and click Configure. Under Vesta SSL paste the cert and key. In 'SSL Certificate' first copy the cert and below that the ca cert and in 'SSL Key' paste the key.
4) That's it, now SSL will be enabled for panel as well as exim which has been configured to use vesta SSL.

That will only work for the first 3 months, because LE Certs are only valid for this time, after that they have to be refreshed. Because of that i wrote this small script: viewtopic.php?f=19&t=13057

[Mr.Erbutw]

That will only work for the first 3 months, because LE Certs are only valid for this time, after that they have to be refreshed. Because of that i wrote this small script: viewtopic.php?f=19&t=13057

Here it is worthy of attention ! THANK !

[billmedina]

ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

[2kreative]

ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

Thanks for the tip billmedina, I sim linked from
/home/[user]/conf/web/ssl.[mydomain.com].crt
/home/[user]/conf/web/ssl.[mydomain.com].pem

For Vesta admin on CentOS 7.2

[ScIT]

ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

Thanks for the tip billmedina, I sim linked from
/home/[user]/conf/web/ssl.[mydomain.com].crt
/home/[user]/conf/web/ssl.[mydomain.com].pem

For Vesta admin on CentOS 7.2

This will NOT work! Billmedina crossposted this also in my way how to solve this problem (viewtopic.php?t=13057) and I left there a comment for him.

Your let's encrypt certificate will be renewed after some time. After every renew the certs are changed and you have to restart the vestacp service (and also exim4 + vestacp service if used). I would suggest you to use my solution (link above, works with integrated vestacp letsencrypt) or the solution from dpeca viewtopic.php?f=19&t=12617. I personally like my solution more then dpeca's, mine using the built in vestacp parts and compares just the files if the certs are changed and restart the needed services.

Choose what you want, but do not create only a symlink because a dumbass posted this commentless as "solution" in two threads.

[billmedina]

Sorry you're so edgy. Maybe people can just restart vesta as shown in what I posted lol. So mad that I didn't need to copy/paste with a shell script. Pretty obvious that when the cert changes the web server for vesta needs to be restarted.

[billmedina]

ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

Thanks for the tip billmedina, I sim linked from
/home/[user]/conf/web/ssl.[mydomain.com].crt
/home/[user]/conf/web/ssl.[mydomain.com].pem

For Vesta admin on CentOS 7.2

Yes, I noticed that was the more direct symlink as well, good catch!