We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
HTTPS on main site, but not port 8083
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
HTTPS on main site, but not port 8083
Hi all,
Seriously impressed to see the implementation of "let's encrypt" on the webserver. Incredibly useful!
I've used the let's encrypt option for a number of sites on my server, and it works perfectly, however I can't seem to get it to work for port 8083 with the admin site.
https://mainsite.com works with SSL using let's encrypt
https://admin.mainsite.com works with SSL using let's encrypt
https://admin.mainsite.com:8083 does NOT work with SSL using let's encrypt. The error I get from Chrome is "your connection to this site is not secure".
Can anyone help or advise?
Thanks, and Happy New Year!
MM
Seriously impressed to see the implementation of "let's encrypt" on the webserver. Incredibly useful!
I've used the let's encrypt option for a number of sites on my server, and it works perfectly, however I can't seem to get it to work for port 8083 with the admin site.
https://mainsite.com works with SSL using let's encrypt
https://admin.mainsite.com works with SSL using let's encrypt
https://admin.mainsite.com:8083 does NOT work with SSL using let's encrypt. The error I get from Chrome is "your connection to this site is not secure".
Can anyone help or advise?
Thanks, and Happy New Year!
MM
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
Ok, so a little research and I found that the server settings have an old SSL certificate that is out of date installed. How do I delete this? I've tried deleting the text and saving the settings, but it doesn't remove it.
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
I've also tried renaming the certificate files in:
/usr/local/vesta/ssl
but that just resulted in the 8083 admin area being inaccessible.
If I have a letsencrypt SSL cert configured for admin.mainsite.com, is that not able to be used by admin.mainsite.com:8083?
/usr/local/vesta/ssl
but that just resulted in the 8083 admin area being inaccessible.
If I have a letsencrypt SSL cert configured for admin.mainsite.com, is that not able to be used by admin.mainsite.com:8083?
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
So, a little bit more research ...
let's encrypt creates and stores its SSL certs in:
/home/username/conf/web
and lists them as:
ssl.website.crt
ssl.website.key
whereas the vesta control panel stores its SSL certs in:
/usr/local/vesta/ssl
and lists them as:
certificate.crt
certificate.key
so I renamed the old cert files and then created symlinks to point to the new ones:
ln -s /home/username/conf/web/ssl.website.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/username/conf/web/ssl.website.key /usr/local/vesta/ssl/certificate.key
I then restarted vesta:
service vesta restart
Cleared my browser cache, and ping! My vesta control panel now works via SSL, using the let's encrypt certificate provided for the website.
It all seems to work fine. My only concern now is what permissions should my symlinks be set to? They're currently rather "open", shall we say!
Hopefully, this will help others.
MM
let's encrypt creates and stores its SSL certs in:
/home/username/conf/web
and lists them as:
ssl.website.crt
ssl.website.key
whereas the vesta control panel stores its SSL certs in:
/usr/local/vesta/ssl
and lists them as:
certificate.crt
certificate.key
so I renamed the old cert files and then created symlinks to point to the new ones:
ln -s /home/username/conf/web/ssl.website.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/username/conf/web/ssl.website.key /usr/local/vesta/ssl/certificate.key
I then restarted vesta:
service vesta restart
Cleared my browser cache, and ping! My vesta control panel now works via SSL, using the let's encrypt certificate provided for the website.
It all seems to work fine. My only concern now is what permissions should my symlinks be set to? They're currently rather "open", shall we say!
Hopefully, this will help others.
MM
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
Already sorted. Thanks.
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
If this helps anyone, please let me know by replying to this thread. Thanks.
MM
MM
Re: HTTPS on main site, but not port 8083
It will not help, because the symlink will produces a permission error for exim. You will see this in mainlog, that exim cant open the log. I had that problem already, that's why i've wrote the guide above.missionaryman wrote:If this helps anyone, please let me know by replying to this thread. Thanks.
MM
-
- Posts: 50
- Joined: Mon Oct 27, 2014 10:04 am
Re: HTTPS on main site, but not port 8083
Thanks for letting me know. How did you fix it?
Re: HTTPS on main site, but not port 8083
have a look here: http://forum.vestacp.com/viewtopic.php?f=19&t=13057missionaryman wrote:Thanks for letting me know. How did you fix it?