TUTORIAL: How to install SSL certificate to Vesta, Exim and dovecot daemons

[b79]

This has made my day. I was using a script, a built in function is great.

Just out of curiosity how did you come across the: UPDATE_HOSTNAME_SSL='yes'
I can't find it documented anywhere?

[MAN5]

Code: Select all

- v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
- v-update-host-certificate admin $HOSTNAME
- echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf

Hi Dpeca,
Im still not convincing on these steps yet. As of ScIT's statement, the Exim/Dovecot services must need to be restarted.

viewtopic.php?t=13057&start=30#p70172

I think, this script is not fullfilled his statement yet. ScIT may comment on this concern.

[dpeca]

Code: Select all

- v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
- v-update-host-certificate admin $HOSTNAME
- echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf

Hi Dpeca,
Im still not convincing on these steps yet. As of ScIT's statement, the Exim/Dovecot services must need to be restarted.

viewtopic.php?t=13057&start=30#p70172

I think, this script is not fullfilled his statement yet. ScIT may comment on this concern.

No.
v-update-host-certificate will restart exim - https://github.com/serghey-rodin/vesta/ ... ficate#L75

[MAN5]

Haha, Bravo.
Im not fully learned the vesta scripts yet.
Just realizing this will restart mail/ftp/imap all.. Thank you..

[Loc_rabbirt]

I'm new here, so I'm not sure what you mean tying:

Code: Select all

v-change-sys-hostname somedomain
HOSTNAME='somedomain'

I tried changed it in terminal console but seem it not work, the hostname just have one line: name-server, that's all, could you provide some hints?

Resolve!!!!!!!!!!!!!!!!

I just go to Admin Panel > Website > Edit Website > Enable SSL Support > Enable Let's Encrypt and it's work.

P/S: Not sure why it not work before.

[dpeca]

I'm new here, so I'm not sure what you mean tying:

Code: Select all

v-change-sys-hostname somedomain
HOSTNAME='somedomain'

I tried changed it in terminal console but seem it not work, the hostname just have one line: name-server, that's all, could you provide some hints?

Your server hostname must be full host address that is already pointing to IP of your server.
Check /etc/hostname to see what is your hostname.
If it's not real host address, change it to some domain that you are hosting, by typing in SSH:

Code: Select all

v-change-sys-hostname somedomain.com

and then:

Code: Select all

HOSTNAME='somedomain.com'

Then do all normal steps, described on first page.

[TopeZ]

@dpeca

I can confirm my Vesta panel, exim and dovecot are all secured with valid SSL.

You are the F'in boss man, thanks for this tutorial, appreciate it man! All hail dpeca everyone!

[prideofelites]

What about the wildcards? Thanks

[dpeca]

Wildcard will come in next version of Vesta.

[redstorm]

UPDATE: right after posting here I went ahead and double checked my DNS settings and realized I was linking the hostname to the floating IP from digital ocean instead of the droplet instead. The domain itself WAS working as I was able to login to the control panel but I am guessing this created some sort of hiccup or issue on the server itself trying to resolve the IP which had resulted in the error below. Once I updated the IP and re-installed, it worked right away and since I didn't change anything else, I am fairly confident that's what did it.

Will leave my original post below just in case someone else comes across the same or similar issue.

===============

I have tried this in different ways following these instructions as well as others but I keep getting a "connection refused" message when letsencrypt tries to validate the acme address.

It would seem that port 80 on the hostname domain simply does not work. Any other subdomain on the system works perfectly fine and can generate letsencrypt, but the hostname only works on port 8083 so it is never able to validate.

[root@server ~]# v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
Error: Fetching http://***/.well-known/acme-challenge/**: Connection refused

My server is on a subdomain.domain.com and NOT on a domain.com. I can't see that being a problem but thought I would mention it. All subdomains and aliases are properly pointed to the server. Checking and executing the SSL / Letsencrypt option on another test subdomain of the same root domain works without issues. Only the server hostname has this issue.

I have reset and retried things at least a dozen times now without success, always the same error message. This is on a dropbox VPS running centos 7.5

Any help or pointer would be greatly appreciated.