Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it Topic is solved

Section with additional software for Vesta
misak35
Posts: 60
Joined: Thu Jan 16, 2014 10:48 am

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Postby misak35 » Wed Nov 30, 2016 10:02 pm

I think I used this script, and now I have an issue with the LE GUI:

Code:

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me?

Thanks

dpeca
Collaborator
Posts: 234
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Postby dpeca » Thu Dec 01, 2016 1:13 pm

Loc_rabbirt wrote: Hi,

Thank you so much for your script. I didn't check it until now. I have a problem here, with the details below:

Code:

Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.kjZFnssi88QbqQmqT5aoFZIHmGNQJRjma7_iA-xxx] != [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.HroLKHp_NxjfUjx-2lFC61bb9nJ_wnjgluBRAxxx]


I followed your old reply: viewtopic.php?f=19&t=12617#p50574.

Maybe you can help me figure out what to do now? I think the problem is that I had used the Let's Encrypt GUI in the VestaCP admin before running your script. Maybe that's the problem here.


I think your DNS is not pointing to your server for that domain.
Or you moved the site to a new server recently, and you need to wait 24h for DNS propagation.

dpeca
Collaborator
Posts: 234
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Postby dpeca » Thu Dec 01, 2016 1:15 pm

misak35 wrote: I think I used this script, and now I have an issue with the LE GUI:

Code:

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me?

Thanks

The bug is not related to my script; I think the bug is in the Vesta LE scripts.

Loc_rabbirt
Posts: 12
Joined: Fri Nov 18, 2016 3:36 pm

Postby Loc_rabbirt » Thu Dec 01, 2016 7:51 pm

dpeca wrote: I think your DNS is not pointing to your server for that domain.
Or you moved the site to a new server recently, and you need to wait 24h for DNS propagation.


Thank you, I got the problem fixed :)

apachler
Posts: 6
Joined: Wed Sep 21, 2016 10:57 am

Postby apachler » Mon Dec 05, 2016 1:47 pm

dpeca wrote:
apachler wrote: Is this script needed in v17 also? Is there no way to make Vesta use Let's Encrypt for all services by default?

I will check it... I saw one command that Serghey built a month ago.


Any news here?

starter
Posts: 7
Joined: Thu Dec 08, 2016 11:36 am

Postby starter » Fri Dec 09, 2016 10:14 am

Thank you dpeca for this nice script!
You should put it on github.

I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid for?

This script only uses the domain without www, but normally one would at least need one with and without the www.
Secondly, it would be even better to be able to add other subdomains, such as those for the mail server.

dpeca
Collaborator
Posts: 234
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Postby dpeca » Fri Dec 09, 2016 11:20 am

starter wrote: I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid for?

No way to do that.
Use Vesta letsencrypt built-in functionality for that.

starter wrote: This script only uses the domain without www, but normally one would at least need one with and without the www.

Are you sure about this?
Are we talking about server hostname or about another domain on server?

starter
Posts: 7
Joined: Thu Dec 08, 2016 11:36 am

Postby starter » Fri Dec 09, 2016 1:24 pm

dpeca wrote:Are you sure about this?
Are we talking about server hostname or about another domain on server?


I am talking about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains?


Here is a way for the smtp and/or imap domains to be referenced by the Let's Encrypt certificate:

Suppose that your smtp and imap servers are on the same email subdomain of your host domain and it already has its DNS A record.
First, you must add this subdomain as an alias of your web server. Let's Encrypt ACME validation uses the web port.
Then modify the script by adding your subdomain on line 106.

Example that also includes the www for the host domain (lines 105-109):

Code:

if [[ "$hostname" == "$domain" ]]; then
    # Host domain: also cover www and the mail subdomain (each name needs its own DNS A record)
    ./letsencrypt-auto certonly --renew-by-default --webroot -w "/home/$user/web/$domain/public_html" -d "$domain" -d "www.$domain" -d "mail.$domain"
else
    ./letsencrypt-auto certonly --renew-by-default --webroot -w "/home/$user/web/$domain/public_html" -d "$domain" -d "www.$domain"
fi


Generate your certificates, and this time you will also have valid imap & smtp certificates without any warning from your email clients.

Note: If you already generated your certificates with this script, it is a bit trickier. Beforehand, I had to delete the certificates in /home/admin/conf/web and modify the script so that it accepts a renewal despite the supposed validity of the current ones.

dpeca
Collaborator
Posts: 234
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Postby dpeca » Fri Dec 09, 2016 1:35 pm

starter wrote: I am talking about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains?


The reason is that if your server hostname is server5.mycompany.com and your server is not hosting DNS for mycompany.com (let's say you are using GoDaddy DNS), then, in most cases, people will not create an A record for www.server5.mycompany.com - and generating SSL will fail :)

Since I see that you found that "if" line in my script, feel free to remove it and add -d for other subdomains :)
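
An added example, not part of dpeca's script or of any post in this thread: a pre-flight check for the point made in the two posts above, that every name passed with -d must already have an A record pointing at this server or the webroot validation fails. The function names, the server-IP argument and the use of dig are assumptions of this sketch; the addresses in the comments are documentation ranges.

```shell
#!/bin/sh
# Added example: keep only the -d names whose DNS A records point at this server.
# resolve_a, points_here and build_d_args are hypothetical helper names.

# Print the IPv4 addresses NAME resolves to, one per line (empty if none).
# Uses dig so that /etc/hosts entries do not mask what the CA will see.
# If dig is not installed the output is empty and every name is skipped.
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# Succeed only if NAME has at least one A record and all of them equal SERVER_IP.
# One stray record is enough for the validation request to land elsewhere.
points_here() {
    addrs=$(resolve_a "$1")
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        [ "$a" = "$2" ] || return 1
    done
    return 0
}

# build_d_args SERVER_IP NAME...
# Prints "-d name -d name ..." for the names that pass; reports the rest on stderr.
build_d_args() (
    ip=$1
    shift
    args=""
    for name in "$@"; do
        if points_here "$name" "$ip"; then
            args="$args -d $name"
        else
            echo "skip $name: no A record pointing only at $ip" >&2
        fi
    done
    echo "${args# }"
)

# Usage inside the script's "if" block (server IP is an assumption):
#   names=$(build_d_args 203.0.113.10 "$domain" "www.$domain" "mail.$domain")
#   [ -n "$names" ] && ./letsencrypt-auto certonly --renew-by-default --webroot \
#       -w "/home/$user/web/$domain/public_html" $names
if [ "$#" -ge 2 ]; then
    build_d_args "$@"
fi
```

A skipped name shows up on stderr before any request is sent, so a missing www or mail record no longer makes the whole certificate request fail.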

dpeca
Collaborator
Posts: 234
Joined: Wed Nov 25, 2015 7:30 pm
Location: Serbia

Postby dpeca » Sat Dec 10, 2016 3:09 pm

apachler wrote:
dpeca wrote:
apachler wrote: Is this script needed in v17 also? Is there no way to make Vesta use Let's Encrypt for all services by default?

I will check it... I saw one command that Serghey built a month ago.


Any news here?


https://github.com/serghey-rodin/vesta/ ... -vesta-ssl

