We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Not to change config when updating Lets Encrypt SSL
Not to change config when updating Lets Encrypt SSL
Hi,
I have standart VPS with nginx+apache2.
domain.apache2.ssl.conf is always reset to it's default state when the system perform a scheduled update of SSL certificate (Let's Encrypt).
I have custom php_admin_value open_basedir there and everything stop working every 3 months.
How to prevent VestaCP from changing this config? Everything what is necessary for SSL update is to replace certificate files and restart web server.
Also I don't truely understand why apache2 shuld be configured to use SSL, nginx works as a frontend proxy both for static and for php, so apache2 should not take care of SSL connection process.
I have standart VPS with nginx+apache2.
domain.apache2.ssl.conf is always reset to it's default state when the system perform a scheduled update of SSL certificate (Let's Encrypt).
I have custom php_admin_value open_basedir there and everything stop working every 3 months.
How to prevent VestaCP from changing this config? Everything what is necessary for SSL update is to replace certificate files and restart web server.
Also I don't truely understand why apache2 shuld be configured to use SSL, nginx works as a frontend proxy both for static and for php, so apache2 should not take care of SSL connection process.
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Not to change config when updating Lets Encrypt SSL
You need to make your own custom templates and then apply the template to your website. This way your config will remain as per your own template when SSL is renewed.
Make a copy of template from /usr/local/vesta/data/templates/web, rename the 3 files appropriately and customise parameters in them. Isn't that hard if you check it properly.
Make a copy of template from /usr/local/vesta/data/templates/web, rename the 3 files appropriately and customise parameters in them. Isn't that hard if you check it properly.
Re: Not to change config when updating Lets Encrypt SSL
You can overwrite custom settings to website config include:
Code: Select all
/home/$USER/conf/web/$domain.httpd.conf-custom
/home/$USER/conf/web/$domain.httpd.ssl.conf-custom
Re: Not to change config when updating Lets Encrypt SSL
Thank you, it works.
One more bug. Clean server, latest VestaCP installed.
Users and websites imported from backups moved from the old server.
Website has Let's Encrypt certificate and it's stated in the website list in the panel.
But, there is no cron to update expiring certificates.
To force this cron task to appear you need to remove SSL and activate it again manually at least for 1 domain. Maybe necessary to add it not only when SSL is activated manually, but also when restoring user from backup. IMHO.
One more bug. Clean server, latest VestaCP installed.
Users and websites imported from backups moved from the old server.
Website has Let's Encrypt certificate and it's stated in the website list in the panel.
But, there is no cron to update expiring certificates.
Code: Select all
sudo /usr/local/vesta/bin/v-update-letsencrypt-ssl