Letsencrypt automatic script
Hello,
I've written a simple script to install and renew letsencrypt certificates.
I'm assuming you are using nginx as a proxy or web server. The script will try and generate a certificate for every domain of every user.
Here is how to use it.
1) Install git
2) Clone letsencrypt repository (I'm assuming you will be working as root in your /root directory):
```
user@webserver:~$ git clone https://github.com/letsencrypt/letsencrypt
user@webserver:~$ cd letsencrypt
```
3) Create a /etc/letsencrypt directory and save a file in it called webroot.ini (just fill your correct email address)
```ini
# webroot.ini general config ini
rsa-key-size = 4096
# placeholder address: replace with your own
email = you@example.com
text = True
agree-tos = True
#agree-dev-preview = 1
renew-by-default = True
authenticator = webroot
webroot-path = /etc/letsencrypt
```
4) Edit the templates you are using situated in /usr/local/vesta/data/templates/web/nginx
the default ones are default.tpl and default.stpl
and add
```nginx
location /.well-known/acme-challenge {
    alias /etc/letsencrypt/.well-known/acme-challenge;
    location ~ /.well-known/acme-challenge/(.*) {
        add_header Content-Type text/plain;
    }
}
```
in the server section. Then reload your nginx configuration.
5) Create a script with the following content
```bash
#!/bin/bash
# Creates or renews (if older than 60 days) certificates for all domains.
MAXAGE=$((60*24*60*60)) # seconds in 60 days
cd /root/letsencrypt || exit 1
for u in $(v-list-users | cut -f1 -d' ' | tail -n+3)
do
    for f in $(v-list-dns-domains "$u" | cut -f1 -d' ' | tail -n+3)
    do
        # Issue when no certificate exists yet, or when the live directory
        # was last modified 60 or more days ago.
        if [ ! -d "/etc/letsencrypt/live/$f" ] || [ ! $(($(date +%s) - $(stat -c '%Y' "/etc/letsencrypt/live/$f"))) -lt "$MAXAGE" ]; then
            ./letsencrypt-auto -c /etc/letsencrypt/webroot.ini -d "$f" -d "www.$f" certonly
            # Copy the files to where Vesta reads them (skipped if nothing was issued).
            [[ -e /etc/letsencrypt/live/$f ]] && cp -Lr --remove-destination "/etc/letsencrypt/live/$f/fullchain.pem" "/home/$u/conf/web/ssl.$f.pem"
            [[ -e /etc/letsencrypt/live/$f ]] && cp -Lr --remove-destination "/etc/letsencrypt/live/$f/privkey.pem" "/home/$u/conf/web/ssl.$f.key"
            [[ -e /etc/letsencrypt/live/$f ]] && cp -Lr --remove-destination "/etc/letsencrypt/live/$f/cert.pem" "/home/$u/conf/web/ssl.$f.crt"
            [[ -e /etc/letsencrypt/live/$f ]] && cp -Lr --remove-destination "/etc/letsencrypt/live/$f/chain.pem" "/home/$u/conf/web/ssl.$f.ca"
        fi
    done
done
service nginx reload
cd "$OLDPWD"
```
and run it. It should obtain and install your certificates.
If you run it again it should renew the ones older than 60 days.
You can add it to your crontab and execute it twice a month.
Good luck
Last edited by lordcris on Tue Dec 22, 2015 8:12 am, edited 1 time in total.
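An added example, not part of the post above or of Vesta's own code: the copy step of that script written so that either all four files are installed or none, with an explicit mode on the private key. The function name `install_cert` and the 0600/0644 modes are assumptions; the file-name mapping is the one the script uses.

```bash
#!/bin/bash
# Added example: install one domain's Let's Encrypt files into a Vesta-style
# conf directory. Assumed modes: private key 0600, public files 0644.

# install_cert LIVE_DIR DEST_DIR DOMAIN
# Returns 0 on success, 1 if the name is unsafe or any source file is missing
# (in which case nothing is copied).
install_cert() {
    local live=$1 dest=$2 domain=$3 p src mode
    # source file : destination suffix, as in the script above
    local pairs="fullchain.pem:pem privkey.pem:key cert.pem:crt chain.pem:ca"

    # Refuse names that could write outside the destination directory.
    case $domain in
        ''|*/*|.*) echo "refusing domain name: '$domain'" >&2; return 1 ;;
    esac

    # Check every source first, so a failed issuance never leaves a new
    # certificate installed next to an old key.
    for p in $pairs; do
        src=$live/${p%%:*}
        [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    done

    for p in $pairs; do
        src=$live/${p%%:*}
        mode=0644
        [ "${p##*:}" = key ] && mode=0600
        # install(1) follows the live/ symlinks and sets the mode in one step,
        # so the key is never briefly readable under a loose umask.
        install -m "$mode" "$src" "$dest/ssl.$domain.${p##*:}" || return 1
    done
}
```

In the loop of the original script the call would be `install_cert "/etc/letsencrypt/live/$f" "/home/$u/conf/web" "$f"`; file ownership is left to whatever your Vesta layout expects.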
Re: Letsencrypt automatic script
Hi,
following your instructions but when running the script in step 5 I get the following
```
update.sh: 4: update.sh: Syntax error: redirection unexpected
```
I have cloned into /root/letsencrypt
and created the webroot.ini file here /etc/letsencrypt
Any help would be appreciated. I'm running Ubuntu 14.04
Re: Letsencrypt automatic script
Do you have bash installed?
Try and run
```
bash update.sh
```
P.S. I've updated the script so it's compatible with other shell interpreters. Try now.
Re: Letsencrypt automatic script
Nice job,
anyone adapt it for apache2 - please share...
Another question: why do you modify default.tpl and default.stpl, I thought that only public_shtml directory are for https?
Re: Letsencrypt automatic script
> labasus wrote: Another question: why do you modify default.tpl and default.stpl, I thought that only public_shtml directory are for https?

You have to modify the templates for the letsencrypt client domain authentication, so you don't have to stop your nginx server for the authentication.
You can use public_html directory for http and https content at the same time (see in web -> SSL Support -> SSL Home).

> labasus wrote: Nice job,
> anyone adapt it for apache2 - please share...

I am working on a complete implementation of Let's Encrypt for VestaCP:
SSL Certs Field will be automatically greyed out if "Let's Encrypt Option" is checked. At the moment, I create the modification for business internal use only. Is there any interest from the VestaCP team or anyone for a public release?
Best Regards
Raphael
Re: Letsencrypt automatic script - Native Debian Installation
In later stages it would be awesome if Vesta would install Let's Encrypt automatically during installation. The Debian package has already reached testing (https://packages.debian.org/testing/letsencrypt) and I imagine the CentOS/RHEL version is having a similar development. Meaning that there will be no need to clone the git repo and add all this extra unnecessary python to your server.
For those interested, you can already install Let's Encrypt from the Debian repositories safely even in a production server by following the tutorials below (I've done this in my own VPS and it works without problems/bugs):
(I guess that Ubuntu users could make it work with the same or similar process though I haven't personally tested the guides below in Ubuntu)
1. Set your repos to be something like that:
http://serverfault.com/questions/22414/ ... 101#382101
2. Check your pin and install
https://www.rootatwc.com/blog/article/4
Re: Letsencrypt automatic script - Suggestion about CMS use
I would like to suggest that you add a "fix" in this automatic script for users to be able to use it with Drupal or other CMS.
I didn't have the time to test your script thoroughly but it is a known Let's Encrypt bug to have broken authorization when used with Drupal (https://community.letsencrypt.org/t/dru ... ation/3014).
The problem is that the Drupal .htaccess (I will soon try to reproduce the problem in Joomla and WordPress) breaks the issuing of the certificate and it has to be temporarily removed so you can successfully issue the certificate.
The solution is a simple command and it would be awesome if you implement another checkbox in Vesta UI, something like "Certificate for CMS" and when ticked by the user to have it run the command below:
```
cd /{putYOURdirectoryhere}/public_html && mv .htaccess .htaccess_dis &&
service apache2 reload &&
{put YOUR letsencrypt-auto command here} &&
mv .htaccess_dis .htaccess &&
service apache2 reload
```
Of course any user could disable the .htaccess manually or have the checkbox mentioned above just rename the .htaccess when ticked and undo it when unticked.
For those who want to use Drupal + Let's Encrypt + Multisite here: http://forum.vestacp.com/viewtopic.php? ... ite#p36554. I do not know if there could be some automation in issuing certificates for Drupal multisite though.
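An added example, not part of the post above: in the `&&` chain a failed certificate request stops before `mv .htaccess_dis .htaccess`, leaving the site running without its .htaccess rules. This variant restores the file on every exit path; the function name `with_htaccess_disabled` and the `RELOAD_CMD` variable are assumptions.

```bash
#!/bin/bash
# Added example: run a command with .htaccess temporarily renamed and put it
# back whether the command succeeds, fails, or is interrupted.
# RELOAD_CMD is an assumed default; override it for your init system.
RELOAD_CMD=${RELOAD_CMD:-service apache2 reload}

# with_htaccess_disabled DOCROOT COMMAND [ARGS...]
# Returns the exit status of COMMAND (1 if the setup steps fail).
# The body is a subshell, so cd and the traps stay local to this call.
with_htaccess_disabled() (
    docroot=$1; shift
    cd "$docroot" || exit 1
    [ -f .htaccess ] || { echo "no .htaccess in $docroot" >&2; exit 1; }
    # A leftover .htaccess_dis means an earlier run did not finish cleanly.
    [ ! -e .htaccess_dis ] || { echo ".htaccess_dis already exists" >&2; exit 1; }

    restore() {
        [ -e .htaccess_dis ] && mv .htaccess_dis .htaccess
        $RELOAD_CMD
    }
    trap restore EXIT           # runs on every way out of the subshell
    trap 'exit 130' INT TERM    # turn signals into a normal exit

    mv .htaccess .htaccess_dis && $RELOAD_CMD || exit 1
    "$@"
    exit $?                     # propagate the command's status
)
```

Call it with the document root followed by your own letsencrypt-auto command line, in place of the placeholders in the post above.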
Re: Letsencrypt automatic script
> I work at a complet implementation of Let's Encrypt for VestaCP:
> SSL Certs Field will be automatically greyed out if "Let's Encrypt Option" is checked. At the moment, I create the modification for business internal use only. Is there any interest from the VestaCP team or anyone for an public release?
> Best Regards
> Raphael

Raphael, I am very interested in this automated implementation you have created. I believe this is something that Vesta can support as a core feature.
How may I have access to your work?
If you wish, github is a great way to share the code or any other private git repo host.
I look forward to your reply,
Best regards,
Ramael
Re: Letsencrypt automatic script
> sacredwebsite wrote: Raphael, I am very interested in this automated implementation you have created. I believe this is something that Vesta can support as a core feature.
> How may I have access to your work?
> If you wish, github is a create way to share the code or or any other private git repo host.
> I look forward to your reply,
> Best regards,
> Ramael

Hi Ramael
I'm almost done with developing the modification.
Created 4 new scripts, based on the VestaCP source:
```
-rwxr-x--- 1 root root 5811 Dez 30 14:15 v-add-web-domain-ssl-letsencrypt
-rwxr-x--- 1 root root 3085 Dez 30 12:40 v-delete-web-domain-ssl-letsencrypt
-rwxr-x--- 1 root root 1589 Dez 30 19:07 v-list-web-domains-ssl-letsencrypt
-rwxr-xr-x 1 root root 1601 Dez 30 20:37 v-update-web-domains-ssl-letsencrypt
```
Best Regards
Raphael