Best method for creating and renewing an SSL certificate for VestaCP backend/mail server?
What's the best way to establish an SSL certificate for Vesta control panel and the mail server?
Currently, I'm just copying the one it generates for the sole user/domain every 2 or 3 months, but hypothetically, let's say I was a shared host and had multiple users with multiple domains in Vesta...
The backend requires SSL, and let's say I want to enforce SSL for the users' mail. They both point to a single certificate in /usr/local/vesta/ssl.
Then the url for the mail server has to be singular and shared amongst each user for their mail, correct?
But I need a user and a domain record for Vesta to register and auto-renew the SSL certificate itself.
Logged in as the admin, I could create a new record in the WEB section referring to the hosting url that I would give to users.
I could then add a cron that copies the generated certificates into /usr/local/vesta/ssl immediately after every time a new certificate is created.
Is this the most appropriate way to go about maintaining an SSL certificate for the backend within the Vesta environment?
If so, it would be good if this behaviour was inbuilt, through a special option only available to the admin user.
Re: Best method for creating and renewing an SSL certificate for VestaCP backend/mail server?
In my opinion, the server certificate (used for VESTA, Exim, Dovecot, vsftpd) should be on the FQDN of the server, e.g. server1.mycompany.tld
Yes, I agree! There should be an option in the admin UI for that, but for the time being I'm using a script I've written to take care of that. As always test before use - use at your own risk.
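One way to write the copy step discussed in this thread (a cron job that copies the renewed certificate into /usr/local/vesta/ssl), with the checks that keep a bad renewal from breaking TLS on the panel and mail services. This is an added example, not the script mentioned in the reply above and not Vesta's own code; the destination file names certificate.crt and certificate.key and the source paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. File names certificate.crt and
# certificate.key inside DEST_DIR are assumptions; adjust to your install.

# install_file SRC DST: replace DST atomically, keeping its owner and mode.
install_file() {
    tmp="$2.new.$$"
    if [ -e "$2" ]; then cp -p "$2" "$tmp"; else (umask 077; : > "$tmp"); fi
    cat "$1" > "$tmp" && mv -f "$tmp" "$2"
}

# sync_cert SRC_CRT SRC_KEY DEST_DIR
# Returns 0 = installed, 1 = already current, 2 = refused.
sync_cert() {
    src_crt=$1; src_key=$2; dest=$3
    [ -s "$src_crt" ] && [ -s "$src_key" ] && [ -d "$dest" ] || return 2

    # Skip the work (and the service restarts) when nothing changed.
    if cmp -s "$src_crt" "$dest/certificate.crt" 2>/dev/null &&
       cmp -s "$src_key" "$dest/certificate.key" 2>/dev/null; then
        return 1
    fi

    # Refuse a certificate whose public key does not match the private key.
    crt_pub=$(openssl x509 -in "$src_crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$src_key" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || return 2

    # Refuse a certificate that expires within the next 24 hours.
    openssl x509 -in "$src_crt" -noout -checkend 86400 >/dev/null 2>&1 || return 2

    # Key first, then certificate; restart services only after both are in place.
    install_file "$src_key" "$dest/certificate.key" &&
    install_file "$src_crt" "$dest/certificate.crt" || return 2
}

# Cron entry point: sync-cert.sh SRC_CRT SRC_KEY /usr/local/vesta/ssl
if [ "$#" -eq 3 ]; then
    sync_cert "$1" "$2" "$3"
    case $? in
        0) echo "installed: restart the panel and mail services now" ;;
        1) : ;;  # unchanged, nothing to restart
        *) echo "refused: missing, mismatched or expiring input" >&2; exit 2 ;;
    esac
fi
```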