Vesta Control Panel - Forum

Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

apachler
Posts: 8
Joined: Wed Sep 21, 2016 10:57 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by apachler » Mon Dec 12, 2016 8:42 pm

OK, thank you!

So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?

delebash
Posts: 22
Joined: Mon Aug 24, 2015 5:28 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by delebash » Mon Dec 12, 2016 9:54 pm

Feature you may want to consider.

Generating Strong Diffie-Hellman Group
see viewtopic.php?t=11425
For Nginx

Run below to create a strong Diffie-Hellman group.

Code:

sudo openssl dhparam -out /etc/nginx/dhparams.pem 4096

or 2048

This code also disables ssl_protocols except for TLSv1.2 for modern browsers, but you don't have to; just leave ssl_protocols as it was originally.

Code:

sudo nano /etc/nginx/nginx.conf

Find the line "# SSL PCI Compliance" and replace with

Code:

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# DH group generated with the openssl command above
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling; the resolver is used to look up the OCSP responder
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

Restart nginx
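An added example, not part of delebash's post or of the script this thread is about: a small shell check that reads an nginx config and reports where it departs from the settings posted above (legacy protocols, DHE/EDH ciphers without ssl_dhparam, stapling without a resolver, no HSTS header). The function names and finding labels are made up for this example, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the thread): static check of an nginx config file.
# Assumption: one directive per line, and '#' only ever starts a comment.

# Print the arguments of the first occurrence of directive $2 in file $1.
directive_args() {
    sed 's/#.*//' "$1" | awk -v d="$2" '
        $1 == d { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/;[ \t]*$/, ""); print; exit }'
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_nginx_tls() {
    a_conf=$1
    a_found=0
    report() { echo "$1"; a_found=1; }

    for a_p in $(directive_args "$a_conf" ssl_protocols); do
        case $a_p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) report "legacy-protocol:$a_p" ;;
        esac
    done

    # Finite-field DHE/EDH suites need ssl_dhparam. ECDHE/EECDH names are
    # removed first so they are not mistaken for DHE.
    a_dhe=$(directive_args "$a_conf" ssl_ciphers | sed 's/EECDH//g; s/ECDHE//g')
    case $a_dhe in
        *EDH*|*DHE*)
            [ -n "$(directive_args "$a_conf" ssl_dhparam)" ] ||
                report "dhe-without-ssl_dhparam" ;;
    esac

    # OCSP stapling needs a resolver to look up the responder's hostname.
    if [ "$(directive_args "$a_conf" ssl_stapling)" = on ] &&
       [ -z "$(directive_args "$a_conf" resolver)" ]; then
        report "stapling-without-resolver"
    fi

    sed 's/#.*//' "$a_conf" | awk '
        $1 == "add_header" && $2 == "Strict-Transport-Security" { f = 1 }
        END { exit !f }' || report "no-hsts-header"
    return $a_found
}

# Constructed sample config, embedded so the check can be run offline.
demo_conf=$(mktemp)
printf '%s\n' 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' \
    "ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';" 'ssl_stapling on;' > "$demo_conf"
audit_nginx_tls "$demo_conf" || echo "findings listed above"
rm -f "$demo_conf"
```

This only reads the config text; the size of the DH group itself can be read with `openssl dhparam -in /etc/nginx/dhparams.pem -text -noout`.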

dpeca
VestaCP Team
Posts: 473
Joined: Wed Nov 25, 2015 7:30 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by dpeca » Thu Dec 15, 2016 10:42 am

apachler wrote:
> OK, thank you!
>
> So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?

Yes.

amitz
Posts: 46
Joined: Mon Nov 09, 2015 10:52 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by amitz » Fri Dec 16, 2016 2:48 pm

Hello,

I do get this error although I have installed the latest pip version:

pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

How to fix this?

dpeca
VestaCP Team
Posts: 473
Joined: Wed Nov 25, 2015 7:30 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by dpeca » Mon Dec 19, 2016 10:00 am

amitz wrote:
> Hello,
>
> I do get this error although I have installed the latest pip version:
>
> pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)
>
> Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
> You are using pip version 8.0.3, however version 9.0.1 is available.
> You should consider upgrading via the 'pip install --upgrade pip' command.
> ERROR: Something went wrong. Check output above.
>
> How to fix this?

It's related to the letsencrypt certbot script (downloaded from https://github.com/certbot/certbot), and I can't provide support for it (because I didn't develop it).
Feel free to ask this question on their official support forum, https://github.com/certbot/certbot/issues, or at https://community.letsencrypt.org/

kinnth
Posts: 9
Joined: Tue Dec 20, 2016 10:42 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by kinnth » Wed Dec 21, 2016 1:59 pm

Read through the beginning and the end of the thread. It sounds like a very good script and would it not be good to incorporate directly into VESTA as a button next to the SSL check box?

When I tried the let's encrypt button, I didn't get my details filled in and had some issues.

My question is, as this is a very old post: is the current version of the script from the OP still working and in use with the latest VESTA? Should I download and run it or is the native VESTA operation now better and working well?

dpeca
VestaCP Team
Posts: 473
Joined: Wed Nov 25, 2015 7:30 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by dpeca » Wed Dec 21, 2016 9:50 pm

Script will not be incorporated into Vesta because Vesta has its own LetsEncrypt implementation.

But there are two reasons why my script exists.

1) As you already said, Vesta's LE implementation still does not work very well

2) Still there is no option in GUI to implement LE cert to all daemons


Current version of my script works fine with latest VestaCP.

Harry77
Posts: 10
Joined: Tue Jun 28, 2016 5:51 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by Harry77 » Fri Jan 06, 2017 5:46 am

I can't use this script anymore,
I installed vestacp on a clean server but I get:

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

Even if I update pip to version 9.0.1.

I tried with a clean vestacp install on CentOS 6 64, CentOS 6 32, CentOS 7 64, Debian 7 and Ubuntu 16.10.

dpeca
VestaCP Team
Posts: 473
Joined: Wed Nov 25, 2015 7:30 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by dpeca » Wed Jan 11, 2017 3:52 pm

It's a bug in https://github.com/letsencrypt/letsencrypt
I will check what is going on.

dpeca
VestaCP Team
Posts: 473
Joined: Wed Nov 25, 2015 7:30 pm

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Post by dpeca » Fri Jan 27, 2017 3:06 pm

Checked, everything is working just fine on Debian 8.7, there is no bug.

