Letsencrypt intermediate and leaf certificates

Posted: Thu Mar 01, 2018 11:03 pm
by jeremiah
I'm running prosody and have linked the /home/admin/conf/web/ .crt and .key certificates for prosody to use, but it's giving me an error when I test my xmpp server.

Error: unable to get local issuer certificate.
Error: unable to verify the first certificate.

I don't know much about certificates, but in the past when I generated LE certs with certbot, it generated everything I needed.

I asked #letsencrypt support on freenode, they said Vesta is probably not including the intermediate certificate with the leaf certificate.

In the vesta control panel it shows the "SSL Certificate Authority / Intermediate (optional)" box is full.

What do I need to do to fix this?

Thanks.

Re: Letsencrypt intermediate and leaf certificates

Posted: Sun Mar 04, 2018 12:36 pm
by Felix
If the problem is with the intermediate certificate, then link to [certificate].pem instead of .crt.
Also make sure that file permissions are correct and the prosody process has access rights to the certificates.
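
Felix's advice turns on whether the file handed to prosody contains both the leaf and the intermediate that signed it. The following is an added example, not code from this thread or from Vesta or prosody, that parses a PEM bundle and reports whether it holds a leaf followed by the intermediate that issued it; the file names, the names "R3" and "ISRG Root X1" and the two-certificate sample bundle are constructed, and the fixture certificates are synthetic minimal DER, not real Let's Encrypt certificates.

```python
import base64
import re

_PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(bundle):
    """DER bytes of every CERTIFICATE block in a PEM bundle, in file order."""
    return [base64.b64decode("".join(m.split())) for m in _PEM_RE.findall(bundle)]

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length (real certs use it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(der):
    """Raw DER encodings of (issuer, subject) from an X.509 certificate."""
    tbs = _tlv(_tlv(der, 0)[1], 0)[1]     # Certificate -> tbsCertificate
    fields, pos = [], 0
    while pos < len(tbs):                 # split tbsCertificate into its elements
        tag, _, end = _tlv(tbs, pos)
        if tag != 0xA0:                   # skip the [0] EXPLICIT version field
            fields.append(tbs[pos:end])
        pos = end
    return fields[2], fields[4]           # serial, sigAlg, issuer, validity, subject, ...

def chain_problems(bundle):
    """Completeness/order problems of a PEM bundle, as strings; empty means OK."""
    certs = pem_to_der(bundle)
    problems = ["only %d certificate(s): intermediate missing" % len(certs)] if len(certs) < 2 else []
    for i in range(len(certs) - 1):       # each cert must be issued by the next one
        if issuer_and_subject(certs[i])[0] != issuer_and_subject(certs[i + 1])[1]:
            problems.append("certificate %d was not issued by certificate %d" % (i, i + 1))
    return problems

# --- constructed fixture: synthetic minimal DER, NOT real Let's Encrypt certificates ---
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only (fixture use)

def _fake_cert_pem(issuer, subject):
    name = lambda s: _der(0x30, _der(0x0C, s.encode()))
    tbs = _der(0x02, b"\x01") + _der(0x30, b"") + name(issuer) + _der(0x30, b"") + name(subject)
    b64 = base64.b64encode(_der(0x30, _der(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

LEAF_ONLY = _fake_cert_pem("R3", "example.org")                 # like a bare .crt
FULL_CHAIN = LEAF_ONLY + _fake_cert_pem("ISRG Root X1", "R3")   # like a .pem bundle
```

To check what the running server actually sends rather than what is on disk, save the chain printed by `openssl s_client -connect host:5222 -starttls xmpp -showcerts` to a file and pass its contents to chain_problems.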

Re: Letsencrypt intermediate and leaf certificates

Posted: Wed Mar 07, 2018 6:09 am
by jeremiah
Hmm... I thought that's what it might be. When I switch back to .crt, it works fine except for the intermediate certificate error: "The server certificate is not signed by a known Certificate Authority". The permissions are OK. If prosody doesn't have permission to read the certificate it won't start and will return an error. I check with sudo -u prosody cat /path/to/certificate.key and it is able to read it.

When I use the .pem file I receive an "Undefined condition." error in Pidgin. In Xabber, it just says "Connecting..." and never returns an error or times out.

Does Vesta create a non-standard .pem file or something?

Thanks.

Re: Letsencrypt intermediate and leaf certificates

Posted: Thu Mar 08, 2018 3:42 am
by baoang
The files .key, .pem and .crt confused me as to what the correct order is for putting them into the GUI when re-setting an existing domain.

I opened them in a text pad and they were all magic symbols; it was hard to know which should be filled in which blank.

This would be better and less frustrating if the GUI added hints and three upload buttons so users could select the respective files and upload them somewhere Vesta can process them and re-deploy the cert.