Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Dev Section 3rd Party Software
  • Search
Reminder: On the servers affected by ChachaDDoS passwords for admin and root need to be changed necessarily

Let's Encrypt for VestaCP System (8083) and exim4

Section with additional software for Vesta
Post Reply
  • Print view
Advanced search
45 posts
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Vladimir Chanaev
Posts: 40
Joined: Sun Mar 13, 2016 2:21 pm
Contact:
Contact Vladimir Chanaev
Website Facebook Skype

Os: Ubuntu 16x
Web: nginx + php-fpm
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by Vladimir Chanaev » Mon Feb 12, 2018 10:50 am

billmedina wrote: ↑
Tue Jan 31, 2017 10:32 pm
ln - s /etc/letsencrypt/live/[mydomain.com]/cert.pem /usr/local/vesta/ssl/certificate.crt
ln -s /etc/letsencrypt/live/[mydomain.com]/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart
Thanks, the best way, if you don't need SSL for Exim.

My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:

ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key
Top

ScIT
Forum team
Posts: 597
Joined: Mon Feb 23, 2015 4:13 pm

Os: Ubuntu 16x
Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by ScIT » Mon Feb 12, 2018 10:53 am

Vladimir Chanaev wrote: ↑
Mon Feb 12, 2018 10:50 am
Thanks, the best way, if you don't need SSL for Exim.

My VestaCP under Ubunt 16.04 didn't have such paths, so the mod will be:

ln -s --force /home/[user]/conf/web/ssl.[domain.com].pem /usr/local/vesta/ssl/certificate.crt
ln -s --force /home/[user]/conf/web/ssl.[domain.com].key /usr/local/vesta/ssl/certificate.key
well, you still need to restart the vesta service, so this will still not do the full job...
Top

MAN5
Posts: 85
Joined: Sun Jan 31, 2016 4:14 am

Os: Ubuntu 16x
Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by MAN5 » Fri Mar 16, 2018 10:48 am

Make symlinks (shortcuts) for crt&key files from the server's domain name SSL files. So whenever you renewing your LE cert for vesta panel's domain, it will be used by vesta:8083 automatically.

SSL for Vesta CP:
( Below script will make a shortcut for vestaCP's main crt/key files from main-domain.com domain's certs & making it executable 0644)

Code: Select all

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').crt"
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate"$(date '+%Y%m%d%H%M').key"

ln -s /home/admin/conf/web/ssl.main-domain.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.main-domain.com.key /usr/local/vesta/ssl/certificate.key

chmod 0644 /usr/local/vesta/ssl/certificate.crt
chmod 0644 /usr/local/vesta/ssl/certificate.key
service vesta restart
If you didnt do the 0644 > you will get cert files read failed.
Top

youradds
Posts: 90
Joined: Tue Sep 01, 2015 10:16 am

Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by youradds » Fri Mar 16, 2018 10:55 am

This is what I use on my servers:

https://git.scit.ch/rs/VestaCP-SystemSSL

Then just setup a cron to run daily.

Andy
Top

MAN5
Posts: 85
Joined: Sun Jan 31, 2016 4:14 am

Os: Ubuntu 16x
Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by MAN5 » Fri Mar 16, 2018 1:59 pm

youradds wrote: ↑
Fri Mar 16, 2018 10:55 am
This is what I use on my servers:

https://git.scit.ch/rs/VestaCP-SystemSSL

Then just setup a cron to run daily.

Andy
But curious, why not just make it as a symlink, instead of need of another cron daily?
If there is a reason, i may follow..
Top

youradds
Posts: 90
Joined: Tue Sep 01, 2015 10:16 am

Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by youradds » Fri Mar 16, 2018 2:30 pm

This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)
Top

MAN5
Posts: 85
Joined: Sun Jan 31, 2016 4:14 am

Os: Ubuntu 16x
Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by MAN5 » Sat Mar 17, 2018 5:37 am

youradds wrote: ↑
Fri Mar 16, 2018 2:30 pm
This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)
Thats we set 0644 - executable permissions for root. Those certs are will be executable by exim as default.
Top

youradds
Posts: 90
Joined: Tue Sep 01, 2015 10:16 am

Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by youradds » Sat Mar 17, 2018 6:29 am

Ah ok. I may use that on a future server build then :) I had a lot of issues getting the SSL certs to work for the mail stuff, which is why I went for that solution.
Top

ScIT
Forum team
Posts: 597
Joined: Mon Feb 23, 2015 4:13 pm

Os: Ubuntu 16x
Web: apache + nginx
Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by ScIT » Sun Apr 29, 2018 5:24 am

MAN5 wrote: ↑
Sat Mar 17, 2018 5:37 am
youradds wrote: ↑
Fri Mar 16, 2018 2:30 pm
This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)
Thats we set 0644 - executable permissions for root. Those certs are will be executable by exim as default.
What do you do, if the let's encrypt cert will be regenerated (normaly after 2 months)? As far as I know, you have to restart the service(s) for providing the new cert, otherwise it will be outdated/invalid. That was also a point, to do this script, because it was the only way for now to restart affected services (in my envroiment vsftpd, vesta and exim4).
Top

kandalf
Posts: 78
Joined: Tue May 13, 2014 11:53 pm

Re: Let's Encrypt for VestaCP System (8083) and exim4
  • Quote

Post by kandalf » Sat Jul 14, 2018 7:29 pm

How can we certificate multiple domains. Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com

There is any way to create a certificate that works for all domains?
Top


Post Reply
  • Print view

45 posts
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next

Return to “3rd Party Software”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password