We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Let's Encrypt for VestaCP System (8083) and exim4
-
- Posts: 45
- Joined: Sun Mar 13, 2016 2:21 pm
- Contact:
- Os: Ubuntu 17x
- Web: nginx + php-fpm
Re: Let's Encrypt for VestaCP System (8083) and exim4
Thanks, the best way, if you don't need SSL for Exim.billmedina wrote: ↑Tue Jan 31, 2017 10:32 pmln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart
My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:
ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key
Re: Let's Encrypt for VestaCP System (8083) and exim4
well, you still need to restart the vesta service, so this will still not do the full job...Vladimir Chanaev wrote: ↑Mon Feb 12, 2018 10:50 amThanks, the best way, if you don't need SSL for Exim.
My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:
ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key
Re: Let's Encrypt for VestaCP System (8083) and exim4
Make symlinks (shortcuts) for crt&key files from the server's domain name SSL files. So whenever you renewing your LE cert for vesta panel's domain, it will be used by vesta:8083 automatically.
SSL for Vesta CP:
( Below script will make a shortcut for vestaCP's main crt/key files from main-domain.com domain's certs & making it executable 0644)
If you didnt do the 0644 > you will get cert files read failed.
SSL for Vesta CP:
( Below script will make a shortcut for vestaCP's main crt/key files from main-domain.com domain's certs & making it executable 0644)
Code: Select all
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').crt"
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').key"
ln -s /home/admin/conf/web/ssl.main-domain.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.main-domain.com.key /usr/local/vesta/ssl/certificate.key
chmod 0644 /usr/local/vesta/ssl/certificate.crt
chmod 0644 /usr/local/vesta/ssl/certificate.key
service vesta restart
Re: Let's Encrypt for VestaCP System (8083) and exim4
This is what I use on my servers:
https://git.scit.ch/rs/VestaCP-SystemSSL
Then just setup a cron to run daily.
Andy
https://git.scit.ch/rs/VestaCP-SystemSSL
Then just setup a cron to run daily.
Andy
Re: Let's Encrypt for VestaCP System (8083) and exim4
But curious, why not just make it as a symlink, instead of need of another cron daily?youradds wrote: ↑Fri Mar 16, 2018 10:55 amThis is what I use on my servers:
https://git.scit.ch/rs/VestaCP-SystemSSL
Then just setup a cron to run daily.
Andy
If there is a reason, i may follow..
Re: Let's Encrypt for VestaCP System (8083) and exim4
This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)
Re: Let's Encrypt for VestaCP System (8083) and exim4
Ah ok. I may use that on a future server build then :) I had a lot of issues getting the SSL certs to work for the mail stuff, which is why I went for that solution.
Re: Let's Encrypt for VestaCP System (8083) and exim4
What do you do, if the let's encrypt cert will be regenerated (normaly after 2 months)? As far as I know, you have to restart the service(s) for providing the new cert, otherwise it will be outdated/invalid. That was also a point, to do this script, because it was the only way for now to restart affected services (in my envroiment vsftpd, vesta and exim4).
Re: Let's Encrypt for VestaCP System (8083) and exim4
How can we certificate multiple domains. Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com
There is any way to create a certificate that works for all domains?
mail.domain1.com
mail.domain2.com
There is any way to create a certificate that works for all domains?