We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Letsencrypt automatic script
Re: Letsencrypt automatic script - Suggestion about CMS use
Another solution to this would be to move the Let's Encrypt "webroot" outside of the site itself and then use an Alias in Apache (or Nginx) to direct requests to it. Doing it this way, Apache directs all verification requests away from the site itself, so the site's .htaccess never gets in the way, so there's no need to mess with any of the site files.vlahonick wrote:I would like to suggest you adding a "fix" in this automatic script for users to be able to use it with Drupal or other CMS.
I didn't have the time to test your script thoroughly but is a known Let's Encrypt bug to have broken authorization when used with Drupal (https://community.letsencrypt.org/t/dru ... ation/3014).
The problem is that the Drupal .htaccess (I will soon try to reproduce the problem in Joomla and WordPress) breaks the issuing of the certificate and it has to be temporarily removed so you can successfully issue the certificate.
The solution is a simple command and it would be awesome if you implement another checkbox in Vesta UI, something like "Certificate for CMS" and when ticked by the user to have it run the command below...
You can create a letsencrypt.conf file in Apache's conf.d directory:
Code: Select all
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge
Re: Letsencrypt automatic script - Suggestion about CMS use
Hi Kodiakkodiak wrote: Another solution to this would be to move the Let's Encrypt "webroot" outside of the site itself and then use an Alias in Apache (or Nginx) to direct requests to it. Doing it this way, Apache directs all verification requests away from the site itself, so the site's .htaccess never gets in the way, so there's no need to mess with any of the site files.
You can create a letsencrypt.conf file in Apache's conf.d directory:And then use "--webroot -w /etc/letsencrypt/webroot" in your letsencrypt command for all domains. Note that you'll need to create the /etc/letsencrypt/webroot directory for this to work.Code: Select all
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge
Lordcris's Script already use the way for authentification over webroot. So no conflict with the Drupal Bug.
I implemented your sugest with the apache2 alias in my templates, works like a charm.
The scripts will be released in 2-3 Days, but need some testing from the crowd.
Best Regards
Raphael
Re: Letsencrypt automatic script
Hi @all
First version of the modification work is now online: https://github.com/ScIT-Informatik-GmbH ... etsEncrypt
PLEASE DO NOT USE IT IN PRODUCTIVE ENVROIMENT!
Still in development, atm there are no "how to's". For all Developers: Please take a look and feel free to correct my work, my programming skills are like the script in "development" :).
Best Regards
Raphael
First version of the modification work is now online: https://github.com/ScIT-Informatik-GmbH ... etsEncrypt
PLEASE DO NOT USE IT IN PRODUCTIVE ENVROIMENT!
Still in development, atm there are no "how to's". For all Developers: Please take a look and feel free to correct my work, my programming skills are like the script in "development" :).
Best Regards
Raphael
Re: Letsencrypt automatic script
Thanks for posting your script I tried it on one of my dev servers. Got everything up and running after giving the right permissions to the bash file and generating an dhparam for nginx. Only issue I found is when you try the delete the domain from the panel. I get this error in nginx and the panel returns an error 12.ScIT wrote:Hi @all
First version of the modification work is now online: https://github.com/ScIT-Informatik-GmbH ... etsEncrypt
PLEASE DO NOT USE IT IN PRODUCTIVE ENVROIMENT!
Still in development, atm there are no "how to's". For all Developers: Please take a look and feel free to correct my work, my programming skills are like the script in "development" :).
Best Regards
Raphael
Code: Select all
nginx: [emerg] BIO_new_file("/home/admin/conf/web/ssl.test.xxxxxx.net.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/admin/conf/web/ssl.test.xxxxx.net.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Edit:
If fixed my issue by opening /usr/local/vesta/data/users/admin/web.conf and setting SSL to no and then running this command
Code: Select all
v-rebuild-web-domains admin
Last edited by efinstorm on Sat Jan 02, 2016 8:58 pm, edited 1 time in total.
Re: Letsencrypt automatic script
Hi efnistormefinstorm wrote:Thanks for posting your script I tried it on one of my dev servers. Got everything up and running after giving the right permissions to the bash file and generating an dhparam for nginx. Only issue I found is when you try the delete the domain from the panel. I get this error in nginx and the panel returns an error 12.
Thanks.Code: Select all
nginx: [emerg] BIO_new_file("/home/admin/conf/web/ssl.test.xxxxxx.net.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/admin/conf/web/ssl.test.xxxxx.net.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed
This is correct, if you have the nginx template "Default" in Web Settings, the Template in /home/user/conf/web/snginx.conf can't be removed correctly. Atm I haven't found any solution but opened an bug inside of GitHub: https://github.com/ScIT-Informatik-GmbH ... t/issues/1
Please feel free to help develop this modification and send your modified source over GitHub.
PS: If you use "caching" nginx profile, the remove process works correctly.
PPS: You can resolv the issue, when you remove the certificate and settings manualy (remove sapache.conf and snginx.conf in /home/user/conf/web and also in /usr/local/vestacp/data/users/user/web.conf reset SSL and SSL_LE. You need to add the SSL_LE='' value inside the same config file for old web domains (if the scripts should work with already existing web's, before you implemented the script) - script to automate this for old web domains is in work.
Best Regards
Raphael
Re: Letsencrypt automatic script
thanks for this.. following :D
Re: Letsencrypt automatic script
i get error
mean have some command not found ,
any idea how to patch it
also take look into it , to update script to handle multiple sub domain issue under one certificate will be good
thanks
Code: Select all
/usr/local/vesta/bin/v-list-users: line 95: column: command not found
Code: Select all
v-list-users
any idea how to patch it
also take look into it , to update script to handle multiple sub domain issue under one certificate will be good
Code: Select all
https://github.com/interbrite/letsencrypt-vesta
Re: Letsencrypt automatic script
LetsEncrypt support added.
CLI commands for now, GUI will be later.
ENG: viewtopic.php?t=11927
RUS: viewtopic.php?t=11905
CLI commands for now, GUI will be later.
Code: Select all
v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART]
v-add-letsencrypt-user USER [EMAIL]
v-check-letsencrypt-domain USER DOMAIN
v-list-letsencrypt-user USER [FORMAT]
v-sign-letsencrypt-csr USER DOMAIN CSR_DIR [FORMAT]
v-update-letsencrypt-ssl
RUS: viewtopic.php?t=11905