TUTORIAL: How to install SSL certificate to Vesta, Exim and dovecot daemons

[saosangmo]

Thank for your guide.
I run on Ubuntu 18.x box, command

Code: Select all

v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'

will get error:

Code: Select all

Can't load /root/.rnd into RNG
139712324563392:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd

If anyone get this error, type:

Code: Select all

sudo openssl rand -out /root/.rnd -hex 256

Everything will work.

[thecassiecorner]

Thanks for your guide

I'm using Ubuntu 14.x. Do you think it will work fine in my version as well.?

[clementishutin]

As far as i know, it should work fine on your version as well.

[bannedillo]

Many server owners don't know how to install SSL to all daemons, especially to Exim4 and dovecot.

Now there is a new way that is built-in Vesta

Pre-required step: your server hostname must be full host address that is already pointing to IP of your server.
Check /etc/hostname to see what is your hostname.
If it's not real host address, change it to some domain that you are hosting, by typing in SSH:
v-change-sys-hostname somedomain.com
and then
HOSTNAME='somedomain.com'


Now, first, lets install Letsencrypt SSL to domain that is your hostname.

In SSH, as root, run:

Code: Select all

v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'

(change 'admin' if your hostname domain is not under 'admin' account)
This step will install LetsEncrypt the same way you can install it via Vesta web panel (so avoid this step if you already installed LetsEncrypt to your domain).
Of course, you can install any other certificate, not only free LetsEncrypt... you can do it via Vesta web panel by editing that domain.



Now in SSH do the follwing:

Code: Select all

v-update-host-certificate admin $HOSTNAME

(change 'admin' if your hostname domain is not under 'admin' account)
This will apply just installed SSL to Vesta, Exim and dovecot daemons.


And finally run:

Code: Select all

echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf

This will tell Vesta to update SSL to Vesta, Exim and dovecot daemons every time when SSL is renewed.
This will happen automatically.


That's all.
LetsEncrypt SSL will be automatically renewed every 2 months and also automatically applied to dovecot, Exim and Vesta.

And this is completely built-in way, without additional scripts, Vesta itself do it.

Thank you for all the info and help.

I did all on my Ubuntu 16.04, with no problem, the only thing, is that still having problems to send emails.

running the email to test:

Code: Select all

Cert Hostname DOES NOT VERIFY (mydomain.com != sd-99999.dedibox.fr | DNS:sd-99999.dedibox.fr)
So email is encrypted but the host is not verified

sd-99999.dedibox.fr -> This is the "domain" I have of the server by default, and how I enter to vesta panel, the one that was as "/etc/hostname", so I didn't change anything.

mydomain.com -> This is the domain where I have my email accounts and the one I want to use to send emails. In this domain, I have a website, a simple one.

thank you!

[juliejohn]

I hope everyone got SSL installed

[rockjonn]

What OS are these commands intended for? I can't get them to work on Ubuntu...

All distributions that Vesta support.

Before these commands run this:

Code: Select all

source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH

It should solve your problem.FM whatsapp

That is also known ''issue'' if you try to run v-* commands immediately after Vesta installation.

Thank you for your information.