How to set up a Let'sEncrypt hostname certificate for VestaCP, Exim, Dovecot...
Posted: Sun Jun 30, 2019 2:45 pm
This process has been tested on a CentOS 7 VPS, but should work on other distros. In this example, we will use mail.domain.tld as our server hostname, but it can be any other.

Under "VestaCP/Web/+" we create the mail.domain.tld subdomain. The only option needed is "SSL/Let'sEncrypt". DNS Support, Mail Support, Aliases and Proxy can be removed/unmarked.
We wait a few minutes while the certificate is issued. We can check it in the "VestaCP/Web/mail.domain.tld/SSL Support: Lets encrypt" info panel. Use "F5" to refresh.

This empty web subdomain is required for every Let'sEncrypt verification process. Don't remove it.

To do the above, we can also use:
Code:
ssh [email protected]
/usr/local/vesta/bin/v-add-domain USER DOMAIN [IP] [RESTART]
/usr/local/vesta/bin/v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
Now we need to set the system hostname for our server and verify it. A reboot is required:
Code:
ssh [email protected]
hostnamectl set-hostname mail.domain.tld
hostnamectl
reboot
Code:
ssh [email protected]
/usr/local/vesta/bin/v-update-host-certificate 'admin' $HOSTNAME
From this moment, we will need to use https://mail.domain.tld:8083/ to enter the control panel.

We add the line "UPDATE_HOSTNAME_SSL='yes'" to the "/usr/local/vesta/conf/vesta.conf" file so the certificate is updated automatically:
Code:
echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf
The system, VestaCP, SMTP and IMAP/POP3 host names must all be the same, and must match both the certificate (CN) field and the PTR record in the DNS zone, to avoid mail problems.
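
One way to check that last requirement after the reboot, as an added example that is not part of the original post. The function names, the address 203.0.113.10 and the ports 587, 993 and 995 are assumptions (common defaults); only 8083 comes from the post.

```shell
#!/usr/bin/env bash
# Added example: confirm that the system hostname, the PTR record and the
# certificate served by the panel, Exim and Dovecot all name the same host.

# Lowercase a DNS name and drop the trailing dot that `dig +short -x` prints.
normalize_name() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Succeed only if every remaining argument names the same host as $1.
names_agree() {
    local want n
    want=$(normalize_name "$1"); shift
    for n in "$@"; do
        [ "$(normalize_name "$n")" = "$want" ] || return 1
    done
}

# Succeed if the certificate served on HOST:PORT is valid for HOST (SAN or CN).
# Optional third argument: STARTTLS protocol, e.g. smtp.
served_cert_matches() {
    local host="$1" port="$2" starttls=""
    [ -n "${3:-}" ] && starttls="-starttls $3"
    # $starttls is left unquoted on purpose so it splits into two words.
    timeout 10 openssl s_client -connect "$host:$port" -servername "$host" \
        $starttls </dev/null 2>/dev/null |
        openssl x509 -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate'
}

# Audit one server. $1 = hostname, $2 = its public IPv4 address.
audit_mail_host() {
    local host="$1" ip="$2" rc=0 spec
    names_agree "$host" "$(hostname -f)" || { echo "FAIL system hostname"; rc=1; }
    names_agree "$host" "$(dig +short -x "$ip")" || { echo "FAIL PTR for $ip"; rc=1; }
    # Assumed default ports: panel 8083, submission 587, IMAPS 993, POP3S 995.
    for spec in 8083: 587:smtp 993: 995:; do
        served_cert_matches "$host" "${spec%%:*}" "${spec#*:}" ||
            { echo "FAIL certificate on port ${spec%%:*}"; rc=1; }
    done
    return $rc
}

# Runs only when given arguments, e.g.: ./audit.sh mail.domain.tld 203.0.113.10
if [ "$#" -eq 2 ]; then audit_mail_host "$1" "$2"; fi
```

A non-zero exit status with one or more FAIL lines shows which name or service still presents something other than the hostname certificate.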