
Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Wed Nov 30, 2016 10:02 pm
by misak35
I think I used this script, and now I have an issue with the LE GUI:

Code:

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me?

Thanks

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Thu Dec 01, 2016 1:13 pm
by dpeca
Loc_rabbirt wrote:Hi,

Thank you so much for your script. I didn't check it until now. I have a problem here, with the details below:

Code:

Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.kjZFnssi88QbqQmqT5aoFZIHmGNQJRjma7_iA-xxx] != [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.HroLKHp_NxjfUjx-2lFC61bb9nJ_wnjgluBRAxxx]
I followed your old reply: viewtopic.php?f=19&t=12617#p50574.

Maybe you can help me know what to do now? I think the problem is that I had used the Let's Encrypt GUI in the VestaCP admin before running your script. Maybe that's the problem here.
I think your DNS is not pointing to your server for that domain.
Or you moved the site to a new server recently, and you need to wait 24h for DNS propagation.

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Thu Dec 01, 2016 1:15 pm
by dpeca
misak35 wrote: I think I used this script, and now I have an issue with the LE GUI:

Code:

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me?

Thanks
The bug is not related to my script; I think the bug is in the Vesta LE scripts.

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Thu Dec 01, 2016 7:51 pm
by Loc_rabbirt
dpeca wrote: I think your DNS is not pointing to your server for that domain.
Or you moved the site to a new server recently, and you need to wait 24h for DNS propagation.
Thank you, I got the problem fixed :)

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Mon Dec 05, 2016 1:47 pm
by apachler
dpeca wrote:
apachler wrote: Is this script needed in v17 also? Is there no way to make Vesta use Let's Encrypt for all services by default?
I will check it... I saw one command that Serghey built a month ago.
Any news here?

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Fri Dec 09, 2016 10:14 am
by starter
Thank you dpeca for this nice script!
You should put it on GitHub.

I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid for?

This script only uses the domain without www, but normally one would at least need one with and without the www.
Secondly, it would be even better to be able to add other subdomains, such as those for the mail server.

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Fri Dec 09, 2016 11:20 am
by dpeca
starter wrote: I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid for?
No way to do that.
Use Vesta's built-in letsencrypt functionality for that.
starter wrote: This script only uses the domain without www, but normally one would at least need one with and without the www.
Are you sure about this?
Are we talking about server hostname or about another domain on server?

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Fri Dec 09, 2016 1:24 pm
by starter
dpeca wrote: Are you sure about this?
Are we talking about server hostname or about another domain on server?
I am talking about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains?


Here is a way for the smtp and/or imap domains to be referenced by the Let's Encrypt certificate:

Suppose that your smtp and imap servers are on the same email subdomain of your host domain and it already has its DNS A record.
First, you must add this subdomain as an alias of your web server. Let's Encrypt ACME validation uses the web port.
Then modify the script by adding your subdomain on line 106.

Example that also includes the www for the host domain (lines 105-109):

Code:

if [[ "$hostname" == "$domain" ]]; then
    # Server hostname: also request www and the mail subdomain
    ./letsencrypt-auto certonly --renew-by-default --webroot -w "/home/$user/web/$domain/public_html" -d "$domain" -d "www.$domain" -d "mail.$domain"
else
    # Other hosted domains: bare domain and www only
    ./letsencrypt-auto certonly --renew-by-default --webroot -w "/home/$user/web/$domain/public_html" -d "$domain" -d "www.$domain"
fi

Generate your certificates, and this time you will also have valid imap & smtp certificates without any warning from your email clients.

Note: If you already generated your certificates with this script, it is a bit trickier. First I had to delete the certificates in /home/admin/conf/web and modify the script so that it accepts a renewal despite the supposed validity of the current ones.

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Fri Dec 09, 2016 1:35 pm
by dpeca
starter wrote: I am talking about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains?
The reason is that if your server hostname is server5.mycompany.com and your server is not hosting DNS for mycompany.com (let's say you are using Godaddy DNS), then, in most cases, people will not create an A record for www.server5.mycompany.com - and generating SSL will fail :)

Since I see that you found that if line in my script, feel free to remove it and add -d for other subdomains :)
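
The two posts above turn on the same point: every name passed with -d must already have an A record pointing at this server, or the whole http-01 request fails. The following is an added example, not part of the thread or of dpeca's script, that emits -d arguments only for names that resolve to the server; the function names, the RESOLVER variable, the example.com names and the addresses are assumptions made for illustration.

```bash
# Added example (not from dpeca's script): emit "-d name" only for names whose
# A record points at this server, so one missing record does not fail the request.

# Real lookup: IPv4 addresses for a name, one per line.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Constructed sample zone so the example runs offline (documentation addresses).
resolve_a_sample() {
    case "$1" in
        server5.example.com|mail.server5.example.com) echo 203.0.113.10 ;;
        old.example.com) echo 198.51.100.7 ;;  # still points at a previous server
        *) return 0 ;;                          # no A record, e.g. www.server5.example.com
    esac
}

# domain_args SERVER_IP NAME...
# Looks each name up with the function named in $RESOLVER (default: resolve_a)
# and prints the -d arguments for the names that resolve to SERVER_IP.
domain_args() {
    server_ip=$1; shift
    args=""
    for name in "$@"; do
        if "${RESOLVER:-resolve_a}" "$name" | grep -qxF "$server_ip"; then
            args="$args -d $name"
        else
            echo "skipping $name: A record does not point to $server_ip" >&2
        fi
    done
    printf '%s\n' "${args# }"
}

# Demo against the constructed zone; the skipped names are reported on stderr.
RESOLVER=resolve_a_sample domain_args 203.0.113.10 \
    server5.example.com www.server5.example.com mail.server5.example.com old.example.com
```

In the script, the output of domain_args (called without RESOLVER so the real lookup is used) would replace the fixed -d list on the letsencrypt-auto line.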

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Sat Dec 10, 2016 3:09 pm
by dpeca
apachler wrote:
dpeca wrote:
apachler wrote: Is this script needed in v17 also? Is there no way to make Vesta use Let's Encrypt for all services by default?
I will check it... I saw one command that Serghey built a month ago.
Any news here?
https://github.com/serghey-rodin/vesta/ ... -vesta-ssl