Let's Encrypt for VestaCP System (8083) and exim4

[Vladimir Chanaev]

ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

Thanks, the best way, if you don't need SSL for Exim.

My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:

ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key

[ScIT]

Thanks, the best way, if you don't need SSL for Exim.

My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:

ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key

well, you still need to restart the vesta service, so this will still not do the full job...

[MAN5]

Make symlinks (shortcuts) for crt&key files from the server's domain name SSL files. So whenever you renewing your LE cert for vesta panel's domain, it will be used by vesta:8083 automatically.

SSL for Vesta CP:
( Below script will make a shortcut for vestaCP's main crt/key files from main-domain.com domain's certs & making it executable 0644)

Code: Select all

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').crt"
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').key"

ln -s /home/admin/conf/web/ssl.main-domain.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.main-domain.com.key /usr/local/vesta/ssl/certificate.key

chmod 0644 /usr/local/vesta/ssl/certificate.crt
chmod 0644 /usr/local/vesta/ssl/certificate.key
service vesta restart

If you didnt do the 0644 > you will get cert files read failed.

[youradds]

This is what I use on my servers:

https://git.scit.ch/rs/VestaCP-SystemSSL

Then just setup a cron to run daily.

Andy

[MAN5]

This is what I use on my servers:

https://git.scit.ch/rs/VestaCP-SystemSSL

Then just setup a cron to run daily.

Andy

But curious, why not just make it as a symlink, instead of need of another cron daily?
If there is a reason, i may follow..

[youradds]

This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)

[MAN5]

This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)

Thats we set 0644 - executable permissions for root. Those certs are will be executable by exim as default.

[youradds]

Ah ok. I may use that on a future server build then :) I had a lot of issues getting the SSL certs to work for the mail stuff, which is why I went for that solution.

[ScIT]

This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)

Thats we set 0644 - executable permissions for root. Those certs are will be executable by exim as default.

What do you do, if the let's encrypt cert will be regenerated (normaly after 2 months)? As far as I know, you have to restart the service(s) for providing the new cert, otherwise it will be outdated/invalid. That was also a point, to do this script, because it was the only way for now to restart affected services (in my envroiment vsftpd, vesta and exim4).

[kandalf]

How can we certificate multiple domains. Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com

There is any way to create a certificate that works for all domains?