We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
ok, thank you!
so i have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?
so i have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Feature you may want to consider.
Generating Strong Diffie-Hellman Group
see viewtopic.php?t=11425
For Nginx
Run below to create a strong Diffie-Hellman group.
or 2048
This code aslo disables ssl_protocals except for TLSv1.2 for modern browsers, but you don't have to just leave ssl_protocals as it was originally.
Find Line # SSL PCI Compliance and replace with
Restart nginx
Generating Strong Diffie-Hellman Group
see viewtopic.php?t=11425
For Nginx
Run below to create a strong Diffie-Hellman group.
Code: Select all
sudo openssl dhparam -out /etc/nginx/dhparams.pem 4096
This code aslo disables ssl_protocals except for TLSv1.2 for modern browsers, but you don't have to just leave ssl_protocals as it was originally.
Code: Select all
sudo nano /etc/nginx/nginx.conf
Code: Select all
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Yes.apachler wrote:ok, thank you!
so i have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Hello,
I do get this error although i have installed the latets pip version:
pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)
Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.
How to fix this?
I do get this error although i have installed the latets pip version:
pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)
Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.
How to fix this?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
It's related to letsencrypt certbot script (downloaded from https://github.com/certbot/certbot ) - and I can't provide support for it (because I didn't developed it).amitz wrote:Hello,
I do get this error although i have installed the latets pip version:
pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)
Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.
How to fix this?
Be free to ask this question on their official support forum - https://github.com/certbot/certbot/issues - or - https://community.letsencrypt.org/
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Read through the begining and the end of the thread. It sounds like a very good script and would it not be good to incorporate directly into VESTA as a button next to the SSL check box?
When I tried the let's encrypt button, I didn't get my details filled in and had some issues.
My question is as this is a very old post - The current version is the script from the OP still working and in use with the latest VESTA? Should I download and run it or is the native VESTA operation now better and working well?
When I tried the let's encrypt button, I didn't get my details filled in and had some issues.
My question is as this is a very old post - The current version is the script from the OP still working and in use with the latest VESTA? Should I download and run it or is the native VESTA operation now better and working well?
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Script will not be incorporated into Vesta because Vesta has its own LetsEncrypt implementation.
But, there are two reasons why my scripts exists.
1) As you already said, Vestas LE implementation still does not work very well
2) Still there is no option in GUI to implement LE cert to all daemons
Current version of my script works fine with latest VestaCP.
But, there are two reasons why my scripts exists.
1) As you already said, Vestas LE implementation still does not work very well
2) Still there is no option in GUI to implement LE cert to all daemons
Current version of my script works fine with latest VestaCP.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
I can't use this script anymore,
I installed vestacp on a clean server but I get:
Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.
Even if i update pip to version 9.0.1.
I tried with a clean vestacp install on centos 6 64, centos 6 32, centos 7 64, debian 7 and ubuntu 16.10.
I installed vestacp on a clean server but I get:
Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.
Even if i update pip to version 9.0.1.
I tried with a clean vestacp install on centos 6 64, centos 6 32, centos 7 64, debian 7 and ubuntu 16.10.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
it's a bug in https://github.com/letsencrypt/letsencrypt
I will check what is going on.
I will check what is going on.
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it
Checked, everything is working just fine on Debian 8.7, there is no bug.