Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Posted: Mon Dec 12, 2016 8:42 pm
by apachler
OK, thank you!

So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?

Posted: Mon Dec 12, 2016 9:54 pm
by delebash
Feature you may want to consider.

Generating Strong Diffie-Hellman Group
see viewtopic.php?t=11425
For Nginx

Run below to create a strong Diffie-Hellman group.

Code:

sudo openssl dhparam -out /etc/nginx/dhparams.pem 4096

or 2048

This code also disables ssl_protocols except for TLSv1.2 for modern browsers, but you don't have to; just leave ssl_protocols as it was originally.

Code:

sudo nano /etc/nginx/nginx.conf

Find Line # SSL PCI Compliance and replace with

Code:

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# DH group generated above with openssl dhparam
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling; the resolver is used to look up the OCSP responder
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# HSTS for two years (63072000 seconds), including subdomains
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

Restart nginx
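
A static check for the directive block in the post above, as an added example that is not part of the original post or of Vesta: it reports TLS directives repeated in the file (as ssl_session_cache was in the block as posted), protocols older than TLSv1.2, DHE ciphers without ssl_dhparam, and ssl_stapling without a resolver. The names audit_nginx_tls and sample_conf are hypothetical, the sample config is constructed, and the file is treated as one flat context.

```shell
#!/bin/sh
# Added example. audit_nginx_tls and sample_conf are hypothetical names.
# Assumption: the file is one flat context (the http-level block edited above).

audit_nginx_tls() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/;[ \t]*$/, "", line)
        n = split(line, f, /[ \t]+/)
        name = f[1]
        # TLS directives expected once in this block
        if (name ~ /^ssl_(session_cache|protocols|ciphers|dhparam|ecdh_curve|session_tickets|stapling|stapling_verify|prefer_server_ciphers)$/)
            if (seen[name]++) print "DUPLICATE " name " (line " NR ")"
        if (name == "ssl_protocols")
            for (i = 2; i <= n; i++)
                if (f[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "WEAK_PROTOCOL " f[i]
        if (name == "ssl_ciphers") {
            # split the cipher string into tokens; "!DHE" stays an exclusion
            m = split(line, c, /[^A-Za-z0-9_!-]+/)
            for (j = 2; j <= m; j++)
                if (c[j] ~ /^k?(EDH|DHE)$/ || c[j] ~ /^DHE-/) dhe = 1
        }
        if (name == "ssl_dhparam") dhparam = 1
        if (name == "ssl_stapling" && f[2] == "on") stapling = 1
        if (name == "resolver") resolver = 1
    }
    END {
        if (dhe && !dhparam) print "MISSING ssl_dhparam (DHE ciphers enabled)"
        if (stapling && !resolver) print "MISSING resolver (ssl_stapling on)"
    }' "$@"
}

# Constructed sample input, not taken from a real server.
sample_conf() {
cat <<'EOF'
# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
EOF
}

sample_conf | audit_nginx_tls
```

Run it against the real file with `audit_nginx_tls /etc/nginx/nginx.conf`; an empty result means none of the four conditions were found.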

Posted: Thu Dec 15, 2016 10:42 am
by dpeca
apachler wrote: OK, thank you!

So I have to issue the certificate on my own and then pass the path to the file to the v-change-sys-vesta-ssl script, right?
Yes.

Posted: Fri Dec 16, 2016 2:48 pm
by amitz
Hello,

I do get this error although I have installed the latest pip version:

pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

How to fix this?

Posted: Mon Dec 19, 2016 10:00 am
by dpeca
amitz wrote: Hello,

I do get this error although I have installed the latest pip version:

pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

How to fix this?
It's related to the letsencrypt certbot script (downloaded from https://github.com/certbot/certbot ), and I can't provide support for it (because I didn't develop it).
Feel free to ask this question on their official support forum - https://github.com/certbot/certbot/issues - or - https://community.letsencrypt.org/

Posted: Wed Dec 21, 2016 1:59 pm
by kinnth
Read through the beginning and the end of the thread. It sounds like a very good script, and would it not be good to incorporate it directly into VESTA as a button next to the SSL check box?

When I tried the let's encrypt button, I didn't get my details filled in and had some issues.

My question, as this is a very old post: is the current version of the script from the OP still working and in use with the latest VESTA? Should I download and run it, or is the native VESTA operation now better and working well?

Posted: Wed Dec 21, 2016 9:50 pm
by dpeca
The script will not be incorporated into Vesta because Vesta has its own LetsEncrypt implementation.

But there are two reasons why my script exists.

1) As you already said, Vesta's LE implementation still does not work very well.

2) There is still no option in the GUI to apply the LE cert to all daemons.

The current version of my script works fine with the latest VestaCP.

Posted: Fri Jan 06, 2017 5:46 am
by Harry77
I can't use this script anymore,
I installed vestacp on a clean server but I get:

Command "python setup.py egg_info" failed with error code -9 in /tmp/pip-build-f 7lKZJ/zope.interface
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Something went wrong. Check output above.

Even if I update pip to version 9.0.1.

I tried with a clean vestacp install on centos 6 64, centos 6 32, centos 7 64, debian 7 and ubuntu 16.10.

Posted: Wed Jan 11, 2017 3:52 pm
by dpeca
It's a bug in https://github.com/letsencrypt/letsencrypt
I will check what is going on.

Posted: Fri Jan 27, 2017 3:06 pm
by dpeca
Checked, everything is working just fine on Debian 8.7, there is no bug.