Re: Letsencrypt automatic script - Suggestion about CMS use

Posted: Thu Dec 31, 2015 2:38 am
by kodiak
vlahonick wrote: I would like to suggest adding a "fix" in this automatic script for users to be able to use it with Drupal or other CMS.
I didn't have the time to test your script thoroughly, but it is a known Let's Encrypt bug to have broken authorization when used with Drupal (https://community.letsencrypt.org/t/dru ... ation/3014).

The problem is that the Drupal .htaccess (I will soon try to reproduce the problem in Joomla and WordPress) breaks the issuing of the certificate and it has to be temporarily removed so you can successfully issue the certificate.

The solution is a simple command and it would be awesome if you implement another checkbox in Vesta UI, something like "Certificate for CMS" and when ticked by the user to have it run the command below...

Another solution to this would be to move the Let's Encrypt "webroot" outside of the site itself and then use an Alias in Apache (or Nginx) to direct requests to it. Doing it this way, Apache directs all verification requests away from the site itself, so the site's .htaccess never gets in the way, so there's no need to mess with any of the site files.

You can create a letsencrypt.conf file in Apache's conf.d directory:

Code:

Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge

And then use "--webroot -w /etc/letsencrypt/webroot" in your letsencrypt command for all domains. Note that you'll need to create the /etc/letsencrypt/webroot directory for this to work.
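
A fuller version of the letsencrypt.conf described in the post above, as an added example that is not part of the original thread. The Alias line is the one from the post; the <Directory> block (access grant plus option and override restrictions) is an assumption about what a stock Apache 2.2 or 2.4 setup needs in order to serve a directory outside the document root.

```apache
# letsencrypt.conf: placed in Apache's conf.d directory (server-wide scope).
# Added example; the <Directory> block is an assumption, not from the post.

# Map the ACME HTTP-01 challenge path for every vhost to a directory outside
# any site's document root, so no site's .htaccess is consulted for it.
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge

# Grant access to the challenge directory only. /etc/letsencrypt also holds
# account and certificate private keys, so never open the parent directory.
<Directory "/etc/letsencrypt/webroot/.well-known/acme-challenge">
    # Static token files only: no indexes, no CGI, no symlink following.
    Options None
    # Ignore any .htaccess that might appear in this directory as well.
    AllowOverride None

    # Apache 2.4 access control.
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    # Apache 2.2 access control.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>
```

After reloading Apache, placing a test file in the challenge directory and fetching it over plain HTTP through one of the CMS-hosted domains confirms the alias is active before any certificate is requested.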

Re: Letsencrypt automatic script - Suggestion about CMS use

Posted: Thu Dec 31, 2015 11:08 am
by ScIT
kodiak wrote: Another solution to this would be to move the Let's Encrypt "webroot" outside of the site itself and then use an Alias in Apache (or Nginx) to direct requests to it. Doing it this way, Apache directs all verification requests away from the site itself, so the site's .htaccess never gets in the way, so there's no need to mess with any of the site files.

You can create a letsencrypt.conf file in Apache's conf.d directory:

Code:

Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge

And then use "--webroot -w /etc/letsencrypt/webroot" in your letsencrypt command for all domains. Note that you'll need to create the /etc/letsencrypt/webroot directory for this to work.

Hi Kodiak

Lordcris's script already uses authentication over webroot, so there is no conflict with the Drupal bug.

I implemented your suggestion with the apache2 alias in my templates; it works like a charm.

The scripts will be released in 2-3 days, but need some testing from the crowd.

Best Regards
Raphael

Re: Letsencrypt automatic script

Posted: Fri Jan 01, 2016 3:52 pm
by ScIT
Hi @all

First version of the modification work is now online: https://github.com/ScIT-Informatik-GmbH ... etsEncrypt

PLEASE DO NOT USE IT IN A PRODUCTION ENVIRONMENT!

Still in development, atm there are no "how to's". For all Developers: Please take a look and feel free to correct my work, my programming skills are like the script in "development" :).

Best Regards
Raphael

Re: Letsencrypt automatic script

Posted: Sat Jan 02, 2016 8:40 pm
by efinstorm
ScIT wrote: Hi @all
First version of the modification work is now online: https://github.com/ScIT-Informatik-GmbH ... etsEncrypt

PLEASE DO NOT USE IT IN A PRODUCTION ENVIRONMENT!

Still in development, atm there are no "how to's". For all Developers: Please take a look and feel free to correct my work, my programming skills are like the script in "development" :).

Best Regards
Raphael

Thanks for posting your script. I tried it on one of my dev servers. Got everything up and running after giving the right permissions to the bash file and generating a dhparam for nginx. The only issue I found is when you try to delete the domain from the panel: I get this error in nginx and the panel returns an error 12.

Code:

nginx: [emerg] BIO_new_file("/home/admin/conf/web/ssl.test.xxxxxx.net.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/admin/conf/web/ssl.test.xxxxx.net.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Edit:
I fixed my issue by opening /usr/local/vesta/data/users/admin/web.conf and setting SSL to no and then running this command

Code:

v-rebuild-web-domains admin

Thanks.

Re: Letsencrypt automatic script

Posted: Sat Jan 02, 2016 8:58 pm
by ScIT
efinstorm wrote: Thanks for posting your script. I tried it on one of my dev servers. Got everything up and running after giving the right permissions to the bash file and generating a dhparam for nginx. The only issue I found is when you try to delete the domain from the panel: I get this error in nginx and the panel returns an error 12.

Code:

nginx: [emerg] BIO_new_file("/home/admin/conf/web/ssl.test.xxxxxx.net.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/admin/conf/web/ssl.test.xxxxx.net.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Thanks.

Hi efinstorm

This is correct. If you have the nginx template "Default" in Web Settings, the template in /home/user/conf/web/snginx.conf can't be removed correctly. Atm I haven't found any solution, but I opened a bug on GitHub: https://github.com/ScIT-Informatik-GmbH ... t/issues/1

Please feel free to help develop this modification and send your modified source over GitHub.

PS: If you use "caching" nginx profile, the remove process works correctly.

PPS: You can resolve the issue by removing the certificate and settings manually (remove sapache.conf and snginx.conf in /home/user/conf/web and also reset SSL and SSL_LE in /usr/local/vestacp/data/users/user/web.conf). You need to add the SSL_LE='' value inside the same config file for old web domains (if the scripts should work with web domains that already existed before you implemented the script); a script to automate this for old web domains is in the works.

Best Regards
Raphael

Re: Letsencrypt automatic script

Posted: Thu Jan 14, 2016 12:21 am
by pandabb
thanks for this.. following :D

Re: Letsencrypt automatic script

Posted: Wed Jan 20, 2016 5:16 am
by darkworks
I get an error

Code:

/usr/local/vesta/bin/v-list-users: line 95: column: command not found

This means

Code:

v-list-users

has some command that is not found.
Any idea how to patch it?

Also take a look at this; updating the script to handle the multiple subdomain issue under one certificate would be good:

Code:

https://github.com/interbrite/letsencrypt-vesta

Thanks

Re: Letsencrypt automatic script

Posted: Wed Jul 20, 2016 8:13 am
by skurudo
LetsEncrypt support added.
CLI commands for now, GUI will be later.

Code:

v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART]
v-add-letsencrypt-user USER [EMAIL]
v-check-letsencrypt-domain USER DOMAIN
v-list-letsencrypt-user USER [FORMAT]
v-sign-letsencrypt-csr USER DOMAIN CSR_DIR [FORMAT]
v-update-letsencrypt-ssl

ENG: viewtopic.php?t=11927
RUS: viewtopic.php?t=11905