Page 1 of 3
how to install letsencrypts ssl for the vestacp admin panel
Posted: Sun Feb 14, 2016 1:05 am
by amitz
Hello,
how to install letsencrypts ssl for the hostname like
https://xy.domain.com:8083
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Sun Feb 14, 2016 9:30 pm
by wodCZ
have a look at this topic:
viewtopic.php?f=10&t=10597
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Mon Feb 15, 2016 12:38 am
by dpeca
Lets say you are using mydomain.com for VestaCP (accessing it via
https://mydomain.com:8083/ )
(Note: mydomain.com must be accessible from the internet, domain must point to IP of your server)
Here are the steps:
Code: Select all
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Then run:
Code: Select all
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]
If succeed, this procedure will create folder
/etc/letsencrypt/live/mydomain.com with
cert.pem and
privkey.pem files.
Now replace self-signed SSL with newly created SSL:
Code: Select all
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
Finaly, restart VestaCP:
That's it.
P.S.
To renew SSL, every 2 months run via cron:
Code: Select all
cd /root/letsencrypt
git pull
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/[YOUR-HOSTNAME]/public_html -d [YOUR-HOSTNAME]
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
sudo service vesta restart
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Mon Feb 15, 2016 7:56 pm
by wodCZ
dpeca wrote:
If succeed, this procedure will create folder
/etc/letsencrypt/live/mydomain.com with
privkey.pem and
cert.pem files.
Copy content of that files to clipboard.
Then run:
Code: Select all
nano /usr/local/vesta/ssl/certificate.crt
Delete previously content and paste content from cert.pem, then save.
Then run:
Code: Select all
nano /usr/local/vesta/ssl/certificate.key
Delete previously content and paste content from privkey.pem, then save.
Finaly, run:
Keep in mind that LetsEncrypt certs are valid only three months, after that period you'll have to repeat that process. Better approach would be to symlink certificates instead of copying them and placing previous commands in cronjob that runs once every two months as I propose in my thread.
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Mon Feb 15, 2016 11:29 pm
by dpeca
Totally agree.
But, (or btw), everything in /etc/letsencrypt/live/mydomain.com is already symlink... is it possible to symlink a symlink? :D
I will check tomorrow :D
And yes, proccess must be repeated every three months:
Code: Select all
cd letsencrypt
service apache2 stop
./letsencrypt-auto certonly --standalone -d mydomain.com
service apache2 start
cp /etc/letsencrypt/live/mydomain.com/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/mydomain.com/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Wed Jun 08, 2016 5:41 pm
by delebash
An alternative way a little more automated and easier to setup via letsencrypt-vesta script
See blog outlining letsencrypt-vesta installation steps
http://www.servermom.org/install-lets-e ... tacp/3208/
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Tue Nov 29, 2016 12:20 pm
by phez
Confirm that the new VestaCP 0.9.8.17 "GUI" option for lets encrypt does not work to encrypt the vestacp admin panel.
The method listed by dpeca does.
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Tue Nov 29, 2016 4:30 pm
by amitz
Yes same here as @phez mentioned.
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Wed Nov 30, 2016 9:59 am
by phez
Guys,
I can confirm the following with 9.8.17 if you would like the following SSL encrypted sites.
If you would like your primary VestaCP website e.g.
https://myserver.com:8083 SSL'ed then follow @dpeca method above. NOTE: This method does not automatically give you https://
www.myserver.com:8083. You have to specify it in the command e.g.
Code: Select all
./letsencrypt-auto certonly --renew-by-default --webroot -w /home/admin/web/myserver.com/public_html -d myserver.com,www.myserver.com
Once completed, create CRON job to automatically renew
https://myserver.com:8083
Now you if you want
https://www.myserver.com &
https://myserver.com you can go to the GUI and enable.
To do that.
1. Go to
https://myserver.com:8083
2. Click "Web"
3. Move mouse to myserver.com and click "edit"
4. Check box "SSL Support" and now check box "Lets Encrypt Support"
5. Move down to bottom of page and click "Save".
This may take 5-30 seconds to save while it creates the Lets Encrypt certificates. You should receive a "Changes have been saved" message if OK.
Open Browser and ensure you clear all content / cookies / etc. and check the above
Re: how to install letsencrypts ssl for the vestacp admin panel
Posted: Wed Nov 30, 2016 1:32 pm
by dpeca