We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
how to install letsencrypts ssl for the vestacp admin panel
Re: how to install letsencrypts ssl for the vestacp admin panel
have a look at this topic: viewtopic.php?f=10&t=10597
Re: how to install letsencrypts ssl for the vestacp admin panel
Lets say you are using mydomain.com for VestaCP (accessing it via https://mydomain.com:8083/ )
(Note: mydomain.com must be accessible from the internet, domain must point to IP of your server)
Here are the steps:
Then run:
If succeed, this procedure will create folder /etc/letsencrypt/live/mydomain.com with cert.pem and privkey.pem files.
Now replace self-signed SSL with newly created SSL:
Finaly, restart VestaCP:
That's it.
P.S.
To renew SSL, every 2 months run via cron:
(Note: mydomain.com must be accessible from the internet, domain must point to IP of your server)
Here are the steps:
Code: Select all
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Code: Select all
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]
Now replace self-signed SSL with newly created SSL:
Code: Select all
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
Code: Select all
service vesta restart
P.S.
To renew SSL, every 2 months run via cron:
Code: Select all
cd /root/letsencrypt
git pull
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
sudo service vesta restart
Last edited by dpeca on Mon Aug 01, 2016 9:59 am, edited 7 times in total.
Re: how to install letsencrypts ssl for the vestacp admin panel
Keep in mind that LetsEncrypt certs are valid only three months, after that period you'll have to repeat that process. Better approach would be to symlink certificates instead of copying them and placing previous commands in cronjob that runs once every two months as I propose in my thread.dpeca wrote: If succeed, this procedure will create folder /etc/letsencrypt/live/mydomain.com with privkey.pem and cert.pem files.
Copy content of that files to clipboard.
Then run:Delete previously content and paste content from cert.pem, then save.Code: Select all
nano /usr/local/vesta/ssl/certificate.crt
Then run:Delete previously content and paste content from privkey.pem, then save.Code: Select all
nano /usr/local/vesta/ssl/certificate.key
Finaly, run:Code: Select all
service vesta restart
Re: how to install letsencrypts ssl for the vestacp admin panel
Totally agree.
But, (or btw), everything in /etc/letsencrypt/live/mydomain.com is already symlink... is it possible to symlink a symlink? :D
I will check tomorrow :D
And yes, proccess must be repeated every three months:
But, (or btw), everything in /etc/letsencrypt/live/mydomain.com is already symlink... is it possible to symlink a symlink? :D
I will check tomorrow :D
And yes, proccess must be repeated every three months:
Code: Select all
cd letsencrypt
service apache2 stop
./letsencrypt-auto certonly --standalone -d mydomain.com
service apache2 start
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart
Re: how to install letsencrypts ssl for the vestacp admin panel
An alternative way a little more automated and easier to setup via letsencrypt-vesta script
See blog outlining letsencrypt-vesta installation steps
http://www.servermom.org/install-lets-e ... tacp/3208/
See blog outlining letsencrypt-vesta installation steps
http://www.servermom.org/install-lets-e ... tacp/3208/
Re: how to install letsencrypts ssl for the vestacp admin panel
Confirm that the new VestaCP 0.9.8.17 "GUI" option for lets encrypt does not work to encrypt the vestacp admin panel.
The method listed by dpeca does.
The method listed by dpeca does.
Re: how to install letsencrypts ssl for the vestacp admin panel
Yes same here as @phez mentioned.
Re: how to install letsencrypts ssl for the vestacp admin panel
Guys,
I can confirm the following with 9.8.17 if you would like the following SSL encrypted sites.
If you would like your primary VestaCP website e.g. https://myserver.com:8083 SSL'ed then follow @dpeca method above. NOTE: This method does not automatically give you https://www.myserver.com:8083. You have to specify it in the command e.g.
Once completed, create CRON job to automatically renew https://myserver.com:8083
Now you if you want https://www.myserver.com & https://myserver.com you can go to the GUI and enable.
To do that.
1. Go to https://myserver.com:8083
2. Click "Web"
3. Move mouse to myserver.com and click "edit"
4. Check box "SSL Support" and now check box "Lets Encrypt Support"
5. Move down to bottom of page and click "Save".
This may take 5-30 seconds to save while it creates the Lets Encrypt certificates. You should receive a "Changes have been saved" message if OK.
Open Browser and ensure you clear all content / cookies / etc. and check the above
I can confirm the following with 9.8.17 if you would like the following SSL encrypted sites.
If you would like your primary VestaCP website e.g. https://myserver.com:8083 SSL'ed then follow @dpeca method above. NOTE: This method does not automatically give you https://www.myserver.com:8083. You have to specify it in the command e.g.
Code: Select all
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/myserver.com/public_html -d myserver.com,www.myserver.com
Now you if you want https://www.myserver.com & https://myserver.com you can go to the GUI and enable.
To do that.
1. Go to https://myserver.com:8083
2. Click "Web"
3. Move mouse to myserver.com and click "edit"
4. Check box "SSL Support" and now check box "Lets Encrypt Support"
5. Move down to bottom of page and click "Save".
This may take 5-30 seconds to save while it creates the Lets Encrypt certificates. You should receive a "Changes have been saved" message if OK.
Open Browser and ensure you clear all content / cookies / etc. and check the above