JakeTheDog420 wrote:slaapkopamy wrote:I have fixed was a SSL problem where vesta wont start.
Could you possibly elaborate on your issue/fix? I've just ran into a similar problem. I recently changed the servers hostname and SSL certificates as they were incorrectly setup during installation and the certificate wasn't pointing to the correct domain so emails were throwing up insecure warnings.. Everything seemed to be working fine after I changed and updated the details.
I was still able to access the vestaCP on port 8083...
I came to check on the control panel today on same port and I get err connection refused.
I attempted to do a manual restart of vesta via terminal by typing
and I got the following error back
Code: Select all
[....] Restarting vesta-nginx: vesta-nginxnginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Clearly I've misconfigured something to do with the SSL keys stopping vestaCP from accepting connections. I'm not quite sure why this issue didn't surface straight away as the webserver has remained in the same state as it did when I first made the changes I think the only thing that has changed since is the IP I'm connecting to the server from but that shouldn't be an issue as I imagine the 8083 port isn't restricted to a specific IP as that would require accessing the control panel from a static IP all the time...
Hopefully someone can point me in the right direction here?
Thanks
Managed to get it working (not sure if the fix is a permenant solution or if it just managed to get the control panel accessible again but hopefully at the bare minimum its repeatable if the issue persists until a full fix is found)
First step is to find a working set of SSL keys. I wasn't sure where to find these or but I re-issued my command v-add-letsencrypt-domain mydomain.com alias.mydomain.com serverip hoping that it would work.
Now when that didn't work and I saw the error was about an SSL mismatch my assumption was maybe the command is issuing new keys but not updating the server so the wrong keys were getting used...
The directory with the keys that are created upon the v-add command is /home/[USER]/[YOURDOMAIN]/conf/web/
Here you will find at least one .key and one .crt file.
I actually had 8files all with the SSL prefix.
Choosing which one to use felt like mostly guess work as it seems that it generated seperate ssl keys for each of my domains I specified even though one was a subdomain and the other was my server IP and they were supposed to be made as an alias.. I decided to go with my subdomain key and crt file.
I then proceeded to make a backup of the current SSL files vesta was referring to. I did this twice once locally on the server and then again externally on my local machine. I used SSH to make the backup files.
CD to /usr/local/vesta/ssl/
cp certificate.crt certificate.crt.bkup
cp certificate.key certificate.key.bkup
Then you can FTP into your server and go to the same directory and download either the original or the backup files to your local machine. They should be the same so eithers fine. Then proceed to delete the original cert.key and cert.crt files leaving only the .bkups on your server.
From here return to your SSH terminal session and change directory again if you're in the vesta/ssl directory back to your user directory which contains your SSL keys.
Simply copy them over using the cp command again example below:
cp subdomain.domain.com.crt /usr/local/vesta/ssl/certificate.crt
cp subdomain.domain.com.key /usr/local/vesta/ssl/certificate.key
This will create a copy with the correct name in the vesta ssl directory.
Last step is simply to restart the vestaCP service and prey that you get the OK on both nginx and vestaphp service's this time!
I can confirm this fixed my mismatch and allowed the vesta service to restart. Once restarted my serverIP:8083 was accessible again however displayed a SSL insecure warning showing the certificate is registered to my subdomain.
I can also confirm if I access the vesta control panel via subdomain.domain.com:8083 I go straight to the login page and see a green padlock confirming the page is being loaded securely.
Hopefully this fixes it if anyone else runs into similar problems! Shame this forum isn't more active I feel like vesta has a lot to offer but without an active community many people probably move to cpanel or possibly even other free options with more active communities.. Anyway I'll post this in the other places I saw similar issues where I posted looking for help here so maybe it can help others (Y)