how to install letsencrypts ssl for the vestacp admin panel

Posted: Sun Feb 14, 2016 1:05 am
by amitz
Hello,

how to install letsencrypts ssl for the hostname like
https://xy.domain.com:8083

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Sun Feb 14, 2016 9:30 pm
by wodCZ
have a look at this topic: viewtopic.php?f=10&t=10597

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Mon Feb 15, 2016 12:38 am
by dpeca
Let's say you are using mydomain.com for VestaCP (accessing it via https://mydomain.com:8083/ )

(Note: mydomain.com must be accessible from the internet, domain must point to IP of your server)

Here are the steps:

Code:

cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

Then run:

Code:

./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]

If it succeeds, this procedure will create the folder /etc/letsencrypt/live/mydomain.com with cert.pem and privkey.pem files.

Now replace self-signed SSL with newly created SSL:

Code:

cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key

Finally, restart VestaCP:

Code:

service vesta restart

That's it.

P.S.
To renew SSL, every 2 months run via cron:

Code:

cd /root/letsencrypt
git pull
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
sudo service vesta restart

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Mon Feb 15, 2016 7:56 pm
by wodCZ
dpeca wrote: If it succeeds, this procedure will create the folder /etc/letsencrypt/live/mydomain.com with privkey.pem and cert.pem files.
Copy the content of those files to the clipboard.

Then run:

Code:

nano /usr/local/vesta/ssl/certificate.crt

Delete the previous content and paste the content from cert.pem, then save.

Then run:

Code:

nano /usr/local/vesta/ssl/certificate.key

Delete the previous content and paste the content from privkey.pem, then save.

Finally, run:

Code:

service vesta restart

Keep in mind that LetsEncrypt certs are valid for only three months; after that period you'll have to repeat that process. A better approach would be to symlink the certificates instead of copying them, and to place the previous commands in a cron job that runs once every two months, as I propose in my thread.

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Mon Feb 15, 2016 11:29 pm
by dpeca
Totally agree.
But (or btw), everything in /etc/letsencrypt/live/mydomain.com is already a symlink... is it possible to symlink a symlink? :D
I will check tomorrow :D

And yes, the process must be repeated every three months:

Code:

cd letsencrypt
service apache2 stop
./letsencrypt-auto certonly --standalone -d mydomain.com
service apache2 start
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart
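
The copy-and-restart step from the renewal commands above, written so it can run unattended from cron: it follows the live/ symlinks, refuses to install a missing or empty file, keeps the private key at mode 600, and reports whether a restart is needed. This is an added example, not part of the thread or of VestaCP; the function names deploy_pem and sync_vesta_cert are hypothetical, and the paths in the usage comment are the ones quoted in the posts.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# deploy_pem SRC DST MODE
# Returns 0 if DST was replaced, 1 if it was already current, 2 on failure.
deploy_pem() {
    src=$1 dst=$2 mode=$3
    [ -s "$src" ] || return 2                # -s follows the live/ symlinks
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        chmod "$mode" "$dst"                 # content is current; still fix the mode
        return 1
    fi
    tmp=$(mktemp "$dst.XXXXXX") || return 2  # same directory, so mv is atomic
    chmod "$mode" "$tmp"                     # set the mode before the key is written
    cat "$src" > "$tmp" && mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 2; }
    return 0
}

# sync_vesta_cert LIVE_DIR SSL_DIR
# Prints "changed", "unchanged" or "error"; restart the panel only on "changed".
sync_vesta_cert() {
    live=$1 ssl=$2 result=unchanged
    # Leave the installed pair alone unless both sources exist and are non-empty,
    # so a failed renewal cannot replace a working certificate.
    [ -s "$live/cert.pem" ] && [ -s "$live/privkey.pem" ] || { echo error; return 1; }
    # cert.pem is used as in the thread; fullchain.pem in the same directory
    # additionally carries the intermediate chain.
    for pair in "cert.pem certificate.crt 644" "privkey.pem certificate.key 600"; do
        set -- $pair
        rc=0; deploy_pem "$live/$1" "$ssl/$2" "$3" || rc=$?
        case $rc in
            0) result=changed ;;
            1) ;;
            *) echo error; return 1 ;;
        esac
    done
    echo "$result"
}

# Cron usage after the letsencrypt-auto renewal command (paths from the thread):
#   [ "$(sync_vesta_cert /etc/letsencrypt/live/mydomain.com /usr/local/vesta/ssl)" = changed ] \
#       && service vesta restart
```

Because the files are copied rather than symlinked, the installed key is a regular file whose mode is controlled here, independent of the permissions under /etc/letsencrypt.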

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Wed Jun 08, 2016 5:41 pm
by delebash
An alternative way, a little more automated and easier to set up, is via the letsencrypt-vesta script.

See blog outlining letsencrypt-vesta installation steps
http://www.servermom.org/install-lets-e ... tacp/3208/

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Tue Nov 29, 2016 12:20 pm
by phez
Confirm that the new VestaCP 0.9.8.17 "GUI" option for lets encrypt does not work to encrypt the vestacp admin panel.

The method listed by dpeca does.

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Tue Nov 29, 2016 4:30 pm
by amitz
Yes, same here as @phez mentioned.

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Wed Nov 30, 2016 9:59 am
by phez
Guys,

I can confirm the following with 9.8.17 if you would like the following SSL encrypted sites.

If you would like your primary VestaCP website e.g. https://myserver.com:8083 SSL'ed then follow @dpeca method above. NOTE: This method does not automatically give you https://www.myserver.com:8083. You have to specify it in the command e.g.

Code:

./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/myserver.com/public_html -d myserver.com,www.myserver.com

Once completed, create a CRON job to automatically renew https://myserver.com:8083

Now, if you want https://www.myserver.com & https://myserver.com, you can go to the GUI and enable them.
To do that:
1. Go to https://myserver.com:8083
2. Click "Web"
3. Move mouse to myserver.com and click "edit"
4. Check box "SSL Support" and now check box "Lets Encrypt Support"
5. Move down to bottom of page and click "Save".

This may take 5-30 seconds to save while it creates the Lets Encrypt certificates. You should receive a "Changes have been saved" message if OK.

Open your browser, ensure you clear all content / cookies / etc., and check the above.

Re: how to install letsencrypts ssl for the vestacp admin panel

Posted: Wed Nov 30, 2016 1:32 pm
by dpeca