Force ssl and lets encrypt problems
Hi,
I am running vesta with nginx and php-fpm.
I want every website to run as https so I used this faq:
https://vestacp.com/docs/#how-to-force-https
First of all I needed to copy "force-https.tpl" & "force-https.stpl" to /usr/local/vesta/data/templates/web/nginx/php-fpm or it wasn't listed in the dropdown list.
But when you create a new website like test.com and select force-https the letsencrypt fails with "Error: The key authorization file from the server did not match this challenge"
Which is logical because the force-https config files are missing the:
location ~ "^/\.well-known/acme-challenge/(.*)$" {
When you first select the default and then change it to force https it works but will the renewal work?
Re: Force ssl and lets encrypt problems
The same problem. I installed nginx without apache module, and also couldn't find force-ssl in the dropdown list according to the official manual.
rpr wrote: ↑Mon Apr 03, 2017 8:43 am
> Hi,
> I am running vesta with nginx and php-fpm.
> I want every website to run as https so I used this faq:
> https://vestacp.com/docs/#how-to-force-https
> First of all I needed to copy "force-https.tpl" & "force-https.stpl" to /usr/local/vesta/data/templates/web/nginx/php-fpm or it wasn't listed in the dropdown list.
> But when you create a new website like test.com and select force-https the letsencrypt fails with "Error: The key authorization file from the server did not match this challenge"
> Which is logical because the force-https config files are missing the:
> location ~ "^/\.well-known/acme-challenge/(.*)$" {
> When you first select the default and then change it to force https it works but will the renewal work?
It's hard to configure the SSL and the redirect. So sad:(
Re: Force ssl and lets encrypt problems
I also find that the existing template is not very friendly when it comes to adding additional config or, in this case, forcing ssl. This is how I do it. Let's use the default.tpl for php-fpm as an example: https://github.com/serghey-rodin/vesta/ ... lt.tpl#L10
Specifically line #10 or more specifically find the "location / {" line:
Code:
    location / {
Change this to:
Code:
    location / {
        include %home%/%user%/web/%domain%/private/ngin*.conf;
This will give you more flexibility to have custom nginx conf file. Then add a file inside of your website private folder, example: /home/user/web/example.com/private/nginx.conf
Code:
    # doing https redirect
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
Then use Vesta Panel to switch template and apply the new configuration.
You can also just add the above code to line #11 of the original template file, but that will make it harder to force ssl with specific website using the same template.
Here's the script I use to patch all of the php-fpm template files: https://gist.githubusercontent.com/noog ... 0/patch.sh
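An added example, not code from this thread or from Vesta: a Python check that reports whether a template's HTTP-to-HTTPS redirect would also catch the acme-challenge path, the failure described in the first post. The sample configs are constructed, and `audit` and `challenge_redirected` are hypothetical helper names.

```python
import re

REDIRECT = re.compile(r"^return\s+30[1278]\s+https://")
ACME = re.compile(r"^location\s+.*\.well-known/acme-challenge")

def audit(conf):
    """Return (has_acme_location, [scope of each HTTP->HTTPS redirect])."""
    stack, scopes, has_acme = [], [], False
    # Naive tokenizer: assumes no '{', '}', ';' or '#' inside quoted strings.
    parts = re.split(r"([{};])", re.sub(r"#.*", "", conf))
    for text, delim in zip(parts[0::2], parts[1::2]):
        text = " ".join(text.split())
        if delim == "{":
            has_acme = has_acme or bool(ACME.match(text))
            stack.append(text)
        elif delim == "}":
            if stack:
                stack.pop()
        elif REDIRECT.match(text):
            # Innermost enclosing location; otherwise the redirect is server-wide.
            scopes.append(next((h for h in reversed(stack)
                                if h.startswith("location")), "server"))
    return has_acme, scopes

def challenge_redirected(conf):
    """True if a /.well-known/acme-challenge/ request would hit the redirect."""
    has_acme, scopes = audit(conf)
    # A server-level return runs before any location is chosen. A redirect inside
    # a prefix location such as "location /" is bypassed only when a regex
    # location for the challenge path exists, because nginx prefers the regex match.
    return any(s == "server" or not has_acme for s in scopes)

# Constructed samples, not Vesta's shipped templates.
SERVER_WIDE = r"""server { listen 80; return 301 https://$server_name$request_uri; }"""
PATCHED = r"""
server {
    listen 80;
    location / {
        # where the private/nginx.conf include from the post would expand
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
    }
    location ~ "^/\.well-known/acme-challenge/(.*)$" {
        # challenge response directives omitted
    }
}
"""

if __name__ == "__main__":
    for name, conf in (("server-wide", SERVER_WIDE), ("patched", PATCHED)):
        print(name, "-> challenge redirected:", challenge_redirected(conf))
```

The checker does not expand `include` lines, so run it on the rendered per-domain config rather than on the raw template when the redirect lives in an included file.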