Page 1 of 6

Let's Encrypt for VestaCP System (8083) and exim4

Posted: Wed Nov 09, 2016 10:06 am
by ScIT
VestaCP has now a integrated way to solve the request: viewtopic.php?f=10&t=17353

Hi @ all

For our internal VestaCP Systems I've written a short script to use the Let's Encrypt SSL Certificates for VestaCP (8083) and exim4.

First of all:
- Create your domain in WEB (for example server.domain.tld)
- Add a Let's Encrypt Certificate with v-add-letsencrypt-domain user domain
- Create and modify the script you will find here: https://git.scit.ch/rs/VestaCP-SystemSSL

Tested on Ubuntu 14.04 and Debian 8.

Please let me know if it also works for you, if you have any problems post it here or use the "Issue"-Function from our GitLab Server.

Why you should use this way instead of "create only symlinks of the cert files": viewtopic.php?p=56451#p56428

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Wed Nov 23, 2016 7:23 am
by core01
Is this script actual?

Can i use LE cert for sending mail ?

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Nov 24, 2016 8:47 am
by ScIT
core01 wrote:Is this script actual?

Can i use LE cert for sending mail ?
yes script is actual, don't know what you exactly mean with "sending email". But but it will also work for exim4 service, so you will have a trusted cert.

script is working on 4 productive web, and 4 "dns-only" servers.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Nov 24, 2016 4:24 pm
by core01
ScIT wrote:
core01 wrote:Is this script actual?

Can i use LE cert for sending mail ?
yes script is actual, don't know what you exactly mean with "sending email". But but it will also work for exim4 service, so you will have a trusted cert.

script is working on 4 productive web, and 4 "dns-only" servers.
I mean Can i use SSL Certificates with Exim http://www.exim.org/exim-html-current/d ... lsssl.html

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Nov 24, 2016 7:31 pm
by ScIT
core01 wrote:I mean Can i use SSL Certificates with Exim http://www.exim.org/exim-html-current/d ... lsssl.html
Yes, if your exim is pointed to the vestacp ssl certs (as far as i know this should be by default), it will work and also restart exim4 automatically.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Sat Nov 26, 2016 8:33 pm
by core01
Hmm, i tried certificates and phpmailer can't send email on php > 5.6
https://github.com/PHPMailer/PHPMailer/ ... nistic-tls
I can't

Code: Select all

$mail->SMTPAutoTLS = false;
in my web application because modifying core classes of CMS is bad.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Sat Nov 26, 2016 8:37 pm
by ScIT
core01 wrote:Hmm, i tried certificates and phpmailer can't send email on php > 5.6
https://github.com/PHPMailer/PHPMailer/ ... nistic-tls
I can't

Code: Select all

$mail->SMTPAutoTLS = false;
in my web application because modifying core classes of CMS is bad.
Please open a new thread for your problem. This is not related to my script, my script only checks if the vesta cp ssl cert is older than existing one, replace it and restart the services.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Dec 01, 2016 12:37 am
by SS88
core01 wrote:Can i use LE cert for sending mail ?
You need a full CA for exim - one certificate from LE will not work.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Sun Jan 08, 2017 5:42 am
by xjlin0
Just want to share, I used ScIT's script to copy my Let's encrypt cert/key and it works, I can still sending/receiving ordinary email within Roundcube at https://my.site/webmail/ No TLS errors while enjoy VestaCP panel under https.

My system is Debian 8.6 Jessie, with PHP 5.6.29 and Vesta CP 0.9.8.17, with exim+dovecot+spamassassin+clamav

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Jan 31, 2017 10:32 pm
by billmedina
ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart