Page 3 of 6

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Sat Sep 30, 2017 9:09 am
by mehargags
@JakeTheDog420:
Such discouraging statements only show your innocence and unfamiliarity with the Linux system.

As my friend ScIT mentioned...this is an actively involved community... FREE Service... not paid for the time and efforts involved here. So do not compare this with the Spoon-fed bloatware yet expensive shit like cPanel. Infact I feel VestaCP is the only free Web Panel after Webmin to actually provide such an easy interface yet also LEARN Linux and the underlying configs.

Please do keep patience and read. Do not shame the community for not being active, we are trying our best with the time and efforts we have.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Mon Oct 16, 2017 6:05 pm
by JakeTheDog420
mehargags wrote:@JakeTheDog420:
Such discouraging statements only show your innocence and unfamiliarity with the Linux system.

As my friend ScIT mentioned...this is an actively involved community... FREE Service... not paid for the time and efforts involved here. So do not compare this with the Spoon-fed bloatware yet expensive shit like cPanel. Infact I feel VestaCP is the only free Web Panel after Webmin to actually provide such an easy interface yet also LEARN Linux and the underlying configs.

Please do keep patience and read. Do not shame the community for not being active, we are trying our best with the time and efforts we have.
I wasn't trying to shame the community simply pointing out the fact its a shame it isn't more active. I understand you're trying your best with your time please don't take my message offensively. And you are correct I am unfamiliar with linux but I am trying to learn.

Also ScIT please could you go into further detail about the key mismatch? It seems my problem hasn't gone away and I'm trying now to figure a way to fix it without having to start fresh as I have some site files and email accounts configured I dont want to loose.

I think I may have removed the default domain and now it hasnt refreshed the certificate like you said but I am not 100%... What's the best route I can take to get back into vestacp? port 8083 is being refused and when I try to restart the service through terminal I get this error.

Code: Select all

[....] Restarting vesta-nginx: vesta-nginxnginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Thanks for your help, apologies if you took my last message in the wrong tone. If anything I was talking positively of VestaCP by saying how much of a shame it is the community isn't more alive as it deserves to be.

All the best
JakeTheDog

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Wed Oct 25, 2017 4:46 pm
by JakeTheDog420
ScIT wrote:
JakeTheDog420 wrote: Shame this forum isn't more active I feel like vesta has a lot to offer but without an active community many people probably move to cpanel or possibly even other free options with more active communities.. Anyway I'll post this in the other places I saw similar issues where I posted looking for help here so maybe it can help others (Y)
The forum is not inactiv, here is still life :).
JakeTheDog420 wrote: Starting vesta-nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
For the missmatch problem it is quite simple: The published script just compares and copy the cert files, like you wrote on your post (you do just the steps manualy, missed to set the permission).

The script is only a few lines long and also do not use complicated commands. So if you configure it properly (set the right user and domain name) the script will work without any troubles. Also you should not delete the web domain you used for the let's encrypt domain. otherwise the cert will not be refreshed anymore.

For VestaCP there is a bit of linux base knowledge needed, to understand his processes and how it is working. Maybe have a look at the script, try to understand what it does and also maybe why it could not work on your system (or why it stopped working after some time).

I realised the issue is with your script do you think you'd be able to tell me the correct commands to use im place of your script?

I'm running on a Debian 7 server I think although it might be debian 8 now...

I get the following error emailed to me from the cron job...

Code: Select all

/etc/cron.daily/exim4-base:
LOG: MAIN
  Warning: purging the environment.
 Suggested action: use keep_environment.
/etc/cron.daily/vesta_ssl:
/etc/cron.daily/vesta_ssl: line 5: if: command not found
/etc/cron.daily/vesta_ssl: line 6: /home/admin/conf/web/ssl.REDACTED.com.pem: Permission denied
cp: missing destination file operand after `/home/admin/conf/web/ssl.REDACTED.com.key'
Try `cp --help' for more information.
chown: missing operand after `root:mail'
Try `chown --help' for more information.
I also get more or less the same errors running vesta_ssl manually.

To get the mismatch to work I do parts of the script manually which works. Its the automation part of your script which is broken/not set up for this OS maybe?

Code: Select all

   	cp $cert_src $cert_dst

        # Copy Keyfile
        cp $key_src $key_dst

        # Change Permission
        chown root:mail $cert_dst
        chown root:mail $key_dst

        # Restart Services
        service vesta restart &> /dev/null
        service exim4 restart &> /dev/null
These commands work but as I'm doing them manually I don't use variables I just type the full destination that the scripts variables would have given it.

Its the if statements etc that aren't being recognised I think so yes any help would be greatly appreciated as currently I just have to wait for the sites control panel to randomly stop working then issue a new certificate and manually do these commands myself...

Didn't have these issues prior to using your script..

Thanks in advance

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Oct 26, 2017 7:15 am
by mehargags
For the Exim environment error you are getting
run

Code: Select all

exim4 -bP | grep environment
if you get " Warning: purging the environment."

Code: Select all

nano /etc/exim4/exim4.conf.template
and at the top put this

Code: Select all

	add_environment=<; PATH=/bin:/usr/bin
	keep_environment=

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Oct 26, 2017 7:36 pm
by JakeTheDog420
mehargags wrote:For the Exim environment error you are getting
run

Code: Select all

exim4 -bP | grep environment
if you get " Warning: purging the environment."

Code: Select all

nano /etc/exim4/exim4.conf.template
and at the top put this

Code: Select all

	add_environment=<; PATH=/bin:/usr/bin
	keep_environment=
Amazing thank you! This basically fixed my issue! From here I was able to figure out the remaining issue with the script! Seems the if statement was copied wrong so was on the same line as the previous command! Now I spaced it all out correctly along with the code you told me to add I restarted exim and tried running ./vesta_ssl manually and got NO errors at all! Not sure if this fixes my SSL issue long-term only time will tell for that but your fix is greatly appreciated!! :)

Hope there's no hard feelings between us!

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Wed Nov 01, 2017 10:29 am
by sifur
Hello,
I added this script to /etc/cron.daily manually using SFTP, I checked permission, double checked the script options.
Unfortunately, I can't see any changes. No error, No success!

I'm using Ubuntu 16, with Vesta installer script default configuration (Apache, Nginx, PHP7)

Is this script still working please?

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Nov 09, 2017 8:16 am
by ScIT
sifur wrote:Hello,
I added this script to /etc/cron.daily manually using SFTP, I checked permission, double checked the script options.
Unfortunately, I can't see any changes. No error, No success!

I'm using Ubuntu 16, with Vesta installer script default configuration (Apache, Nginx, PHP7)

Is this script still working please?
The script is working, please use ssh to check if it works when you run it manualy ./vesta_ssl.

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Jan 04, 2018 8:26 am
by henri
The script doesn't work in Debian or Ubuntu as Exim4 uses here the Debian-exim user and Debian-exim group instead of mail.
So

Code: Select all

        # Change Permission
        chown root:mail $cert_dst
        chown root:mail $key_dst
should be in Debian/Ubuntu

Code: Select all

        # Change Permission
        chown root:Debian-exim $cert_dst
        chown root:Debian-exim $key_dst
Would be good to have a variable to configure this and a hint. :)

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Jan 04, 2018 8:30 am
by ScIT
henri wrote:The script doesn't work in Debian or Ubuntu as Exim4 uses here the Debian-exim user and Debian-exim group instead of mail.
So

Code: Select all

        # Change Permission
        chown root:mail $cert_dst
        chown root:mail $key_dst
should be in Debian/Ubuntu

Code: Select all

        # Change Permission
        chown root:Debian-exim $cert_dst
        chown root:Debian-exim $key_dst
Would be good to have a variable to configure this and a hint. :)
Can you share your ubuntu and debian version? my script runs perfectly on ubuntu 14.04 and 16.04

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Thu Jan 04, 2018 1:30 pm
by henri
Sorry I was wrong. I thought I used the mail group some time ago and it doesn't work but maybe that was another problem.

I realized now that Vesta adds the Debian-exim user to the mail group in the Debian install script.
https://github.com/serghey-rodin/vesta/ ... n.sh#L1049