I can’t get my e-mail to work with LetsEncrypt.

Posted: Mon Jun 24, 2019 10:06 pm
by rpallen
My OS is Ubuntu 18.04
When I installed VestaCP, I installed Exim4 and Dovecot for e-mail.
(Below I am using fictitious names to illustrate my points.)
Based on a tutorial I found (https://www.mysterydata.com/how-to-conf ... nd-ubuntu/), I:
Installed using srv1.main_domain.com as the host.
Edited this host to remove all aliases and checked the SSL and LetsEncrypt boxes.
Added the file vestassl to /etc/cron.daily/. The code in the file:

#!/bin/bash
# Copy the Let's Encrypt certificate Vesta issued for the hostname into the
# location that Vesta, Exim and Dovecot read their certificate from, then
# restart those services so they pick it up.

cert_src="/home/admin/conf/web/ssl.srv1.main_domain.com.pem"
key_src="/home/admin/conf/web/ssl.srv1.main_domain.com.key"
cert_dst="/usr/local/vesta/ssl/certificate.crt"
key_dst="/usr/local/vesta/ssl/certificate.key"

# Only act when the certificate has actually changed (e.g. after a renewal)
if ! cmp -s "$cert_dst" "$cert_src"
then
        # Copy Certificate
        cp "$cert_src" "$cert_dst"

        # Copy Keyfile
        cp "$key_src" "$key_dst"

        # Change Permission (the private key must not be world-readable)
        chown root:mail "$cert_dst"
        chown root:mail "$key_dst"
        chmod 640 "$key_dst"

        # Restart Services
        service vesta restart &> /dev/null
        service exim4 restart &> /dev/null
        service dovecot restart &> /dev/null
fi
I made the file executable and ran it.
I then restarted vesta, exim4 and dovecot.

In Vesta, in Web I added the domain second_domain.com withOUT DNS support (I’m using Cloudflare) but with mail and SSL/LetsEncrypt support. When I check, there is certificate information in the appropriate fields in the Web edit section.

I added an e-mail account.
I use Thunderbird e-mail client. I set up this e-mail account using POP3, port 995 and SMTP, port 587.
I can send and receive e-mail, but I have to add security exceptions to do so.
When I click “Get Messages” or try to send an email, I get a window that tells me the site is trying to identify itself with invalid information and the certificate belongs to a different site.

This window has the option to view the certificate. When I look at it, the Common Name (CN) is srv1.main_domain.com, not mail.second_domain.com.

What do I need to do to get a certificate working in conjunction with mail.second_domain.com?
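A check for the symptom described above, added here as an example (it is not code from the thread or from VestaCP): it connects to the mail host the way Thunderbird does, with the hostname sent as SNI, and compares the certificate the server presents against that hostname using the SAN and CN rules a mail client applies. The hostnames are the thread's fictitious ones, and the matching helper can be run offline on a getpeercert()-style dict.

```python
import smtplib
import socket
import ssl

def cert_dns_names(cert):
    """DNS names a getpeercert()-style dict covers: the SAN entries, or the
    subject CN only when the certificate has no SAN at all (RFC 6125)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def hostname_matches(hostname, cert):
    """True if hostname is covered by cert, exactly or by a single-label wildcard."""
    host = hostname.lower().rstrip(".")
    for name in cert_dns_names(cert):
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def fetch_mail_cert(hostname, port, starttls):
    """Fetch the certificate the mail server presents for hostname (sent as SNI).
    The chain is still validated against the system roots; only the name check
    is switched off so a mismatch can be reported instead of raising."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name comparison is done by hostname_matches()
    if starttls:  # submission port 587: plain SMTP first, then STARTTLS
        with smtplib.SMTP(hostname, port, timeout=10) as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert()
    # POP3S / IMAPS (995 / 993): TLS from the first byte
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def check_mail_server(hostname, port, starttls):
    """Report whether the name the client connects to is covered by the cert."""
    cert = fetch_mail_cert(hostname, port, starttls)
    ok = hostname_matches(hostname, cert)
    status = "OK" if ok else "MISMATCH (client will warn)"
    print(f"{hostname}:{port} presents {cert_dns_names(cert)} -> {status}")
    return ok

if __name__ == "__main__":
    check_mail_server("mail.second_domain.com", 995, starttls=False)
    check_mail_server("mail.second_domain.com", 587, starttls=True)
```

In the situation described in the post, the script reports the server presenting only srv1.main_domain.com, which is exactly why Thunderbird asks for an exception; the fix is a certificate whose SAN list covers every name clients connect to, or per-name certificates selected by SNI.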

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Wed Jun 26, 2019 9:25 am
by Wibols
Google translator:
The simplest way to get it is to have the name of the machine and the domain name be the same. So you can use the certificate issued for "domain.tld" and "www.domain.tld" and it will also be automatically renewed. You do not need a certificate for "mail.domain.tld".

Example:
  • Generate a certificate for the web "domain.tld" and its alias "www.domain.tld".
  • Change the hostname and server name to "domain.tld".
  • Use "domain.tld" in Thunderbird's SMTP and IMAP fields.
So that your mail is not considered spam, remember to point your "reverse dns" record to "domain.tld" in the control panel of your VPS.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Wed Jun 26, 2019 9:33 pm
by rpallen
First, thanks for the hint about reverse DNS to prevent my emails being designated as spam.
Regarding the hostname (machine name) being the same as the domain name, that is inadequate. In my post, I only used one domain to keep the post from being any longer. But in actuality, I have multiple domains set up on this server, so even if I set one up with the same name as the hostname, I'll still have the problem with the other domains.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Thu Jun 27, 2019 7:49 am
by Wibols
My VestaCP is for personal use and I only have one domain.

Then I think the only way to do it is to create an empty web "mail." subdomain for every domain, because Let's Encrypt needs web access to verify it.

This way, the hostname and reverse DNS can be different from the domain name.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Thu Jun 27, 2019 3:19 pm
by rpallen
I'm not sure if what I describe below is what you intended, but it didn't work. I still get the request to authorize an exception when I try to check mail in Thunderbird.

In Web I added the domain mail.second_domain.com WITHOUT SSL support and removed the www alias from the box that Vesta automatically adds.

I entered https://mail.second_domain.com in a browser and got the usual page about the requested page not being secure.

In Vesta, I edited the domain to add SSL support.

I again entered https://mail.second_domain.com in a browser and this time I got the default Vesta index.html page.

But when I tried to check email in Thunderbird, I still got the warning that it is unsecure and asking if I want to add an exception.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Thu Jun 27, 2019 5:03 pm
by Wibols
Are you using "mail.second_domain.com" in the outgoing and incoming Thunderbird server fields?

If it is so, I don't know what is happening.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Fri Jun 28, 2019 11:04 am
by rpallen
Yes, I'm using mail.second_domain.com for both.

Re: I can’t get my e-mail to work with LetsEncrypt.

Posted: Fri Jun 28, 2019 2:57 pm
by Wibols
I have been playing a long time with my VPS and have found several problems and solutions. This is the right way to do it: How to setup a Let'sEncrypt hostname certificate for VestaCP, Exim, Dovecot...