Feature Request: Support Let's Encrypt
Re: Feature Request: Support Let's Encrypt
kodiak wrote:
> I've written a script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.
> Once you've installed it, all you need to do is run
> Code:
> letsencrypt-vesta USER DOMAIN
> where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.

Using it on 2 sites right now (centos 7 + apache + fpm). I actually have a Comodo Positive SSL Cert on a 3rd domain. Single IP address. Chrome picks it up right away, everything looks good and I have to say... Well done.
Re: Feature Request: Support Let's Encrypt
Now my last question is this: when a client/user creates their domain and sets SSL support, will Vesta actually call the scripts and set up the domain with SSL? Or is that still something the admin/root needs to do?
Re: Feature Request: Support Let's Encrypt
Be careful... older versions of IE don't recognize the cert as valid... (only IE 10+), really, IE, it's a pain in the ass
Re: Feature Request: Support Let's Encrypt
^ Thanks for reminding.
Re: Feature Request: Support Let's Encrypt
pandabb wrote:
> ^ Thanks for reminding.

And reminding a fix...
Code:
# Redirect MSIE <10 to HTTP site
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_USER_AGENT} "MSIE [6-9]" [NC]
RewriteRule ^(.*)$ http://www.yourwebsite.com/$1 [L,R]
Re: Feature Request: Support Let's Encrypt
Thanks sir, am I supposed to add that code to my .htaccess?
Re: Feature Request: Support Let's Encrypt
BBuchanan1013 wrote:
> Using it on 2 sites right now (centos 7 + apache + fpm). I actually have a Comodo Positive SSL Cert on a 3rd domain. Single IP address. Chrome picks it up right away, everything looks good and I have to say... Well done.

Thank you. Glad you find it useful.
Re: Feature Request: Support Let's Encrypt
Can I ask again, how to apply this for a subdomain? Thanks
Re: Feature Request: Support Let's Encrypt
kodiak wrote:
> I've written a script that integrates the Let's Encrypt client with Vesta's command line tools to automate the request process for Vesta. You can clone it from GitHub at https://github.com/interbrite/letsencrypt-vesta. See the README file for installation instructions.
> Once you've installed it, all you need to do is run
> Code:
> letsencrypt-vesta USER DOMAIN
> where USER is a Vesta user account and DOMAIN is a domain hosted under that account. The script will look up the aliases associated with the domain and request a certificate for all of them, use webroot authentication to validate the domains, and then properly install the cert using the Vesta command line tools. The same command is used for new requests and renewals and it will work on any domain, whether or not SSL support has already been enabled on it.

Wonderful!
Works very well, thank you!
I hope it will be implemented officially in a future VestaCP version :)
I'm just looking for the good way to change the length of the generated keys.
I want to switch from 2048 bits to 4096 and I don't know how to set this correctly (there is no /etc/letsencrypt/cli.ini file)
Re: Feature Request: Support Let's Encrypt
Finally, I have another problem...
I carefully followed the doc at https://github.com/interbrite/letsencrypt-vesta
For my first domain, the LE command worked perfectly.
But on the second domain, I have this error:
Code:
# letsencrypt-vesta Customer mywebsite.pro
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -t --renew-by-default --agree-tos --webroot -w /etc/letsencrypt/webroot --server https://acme-v01.api.letsencrypt.org/directory -m [email protected] -d mywebsite.pro,www.mywebsite.pro certonly
Failed authorization procedure. www.mywebsite.pro (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.DfsW_bCmthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] != [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8], mywebsite.pro (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.DfsW_bCmthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] != [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.mywebsite.pro
Type: urn:acme:error:unauthorized
Detail: The key authorization file from the server did not match
this challenge [uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.DfsW_bC
mthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] !=
[uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc
.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
Domain: mywebsite.pro
Type: urn:acme:error:unauthorized
Detail: The key authorization file from the server did not match
this challenge [EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw.DfsW_bC
mthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] !=
[EqrRRyskcSR2BjiDcnrrVwwjUK6RkleM6JvEh6F3Hpw
.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
Let's encrypt returned an error status. Aborting.
I didn't change nginx config because I have apache2 installed...
What am I doing wrong ?
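
In the error quoted in the post above, the two bracketed values share the same token and differ only after the dot. As an added example (not part of the thread and not code from letsencrypt-vesta), this Python code builds an http-01 key authorization as RFC 8555 section 8.1 and RFC 7638 define it and classifies each mismatch pair in such an error message; `diagnose`, the verdict labels and `DEMO_JWK` are names and values made up for the illustration.

```python
import base64
import hashlib
import json
import re

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint of an RSA account key, base64url, no padding."""
    required = {k: jwk[k] for k in ("e", "kty", "n")}  # only the required RSA members
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token, a dot, then the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"

# Matches the "[token.thumbprint] != [token.thumbprint]" pairs in the error text.
PAIR = re.compile(r"\[([\w-]+\.[\w-]+)\] != \[([\w-]+\.[\w-]+)\]")

def diagnose(error_text: str) -> list:
    """Classify every '[a] != [b]' pair found in a validation error message."""
    results = []
    for left, right in PAIR.findall(error_text):
        l_token, _, l_thumb = left.partition(".")
        r_token, _, r_thumb = right.partition(".")
        if l_token != r_token:
            verdict = "token-mismatch"        # file belongs to another challenge
        elif l_thumb != r_thumb:
            verdict = "account-key-mismatch"  # built with a different account key
        else:
            verdict = "match"
        results.append((l_token, verdict))
    return results

# Detail text for www.mywebsite.pro, copied from the output quoted in the post above.
SAMPLE_ERROR = (
    "The key authorization file from the server did not match this challenge "
    "[uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.DfsW_bCmthmM10DmlBEQctRqa86-XccmOpQ5j8C0xu8] != "
    "[uockZgg0DnhUDwa1elW2ydRl6BIrpyKXCBLIk9X0CLc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]"
)

# Constructed JWK for illustration only; not a real account key.
DEMO_JWK = {"kty": "RSA", "n": "constructed-modulus-placeholder", "e": "AQAB"}

if __name__ == "__main__":
    for token, verdict in diagnose(SAMPLE_ERROR):
        print(token, verdict)
    print(key_authorization("constructed-token", DEMO_JWK))
```

The part after the dot depends only on the ACME account key, so an `account-key-mismatch` verdict means the response served for the challenge was built with a different account key than the one that requested it.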