Let's Encrypt for VestaCP System (8083) and exim4

[youradds]

How can we certificate multiple domains. Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com

There is any way to create a certificate that works for all domains?

Not as far as I'm aware. You would need to really setup the SSL cert on your main domain, and then get everyone to just use that (i.e mail.servername.com)

[BartMan__X]

Congratz, you can register on the board and copy&paste your 3 line shell "solution" without any comment in two posts (here and viewtopic.php?p=56134#p56134). But can you answer me also a question? What will happen after 90days? If not, I will tell you: VestaCP backend will be outdated because you have to restart vesta service after changing/renewing the ssl cert.

So maybe next time: Read the thread where you are posting such a bullshit and try to understand, why it can maybe not work. Thanks.

I LOLed so hard .....

[MAN5]

This also does the exim4 certificates, so you can correctly connect securely to imap/pop3/smtp :)

Thats we set 0644 - executable permissions for root. Those certs are will be executable by exim as default.

What do you do, if the let's encrypt cert will be regenerated (normaly after 2 months)? As far as I know, you have to restart the service(s) for providing the new cert, otherwise it will be outdated/invalid. That was also a point, to do this script, because it was the only way for now to restart affected services (in my envroiment vsftpd, vesta and exim4).

Hi sorry. I missed this post OR i overlooked ontime. I feel your point is true as need to restart the VESTA/EXIM/FTP etc.,
But, what is the current 'v-update-letsencrypt-ssl' ?
I think, the restarting of the available mandatory services are could be done with the above script as default. This will keep the script as professional. (Myself im using my server hostname, VestaCP, Exim & Vsftp all using same SSL).

Or may send a Service-Restart reminder to the root email (If the root domain SSL has updated via the above script)

[openVZvsKVM]

VestaCP has now a integrated way to solve the request: viewtopic.php?f=10&t=17353

Hi @ all

For our internal VestaCP Systems I've written a short script to use the Let's Encrypt SSL Certificates for VestaCP (8083) and exim4.

First of all:
- Create your domain in WEB (for example server.domain.tld)
- Add a Let's Encrypt Certificate with v-add-letsencrypt-domain user domain
- Create and modify the script you will find here: https://git.scit.ch/rs/VestaCP-SystemSSL

Tested on Ubuntu 14.04 and Debian 8.

Please let me know if it also works for you, if you have any problems post it here or use the "Issue"-Function from our GitLab Server.

Why you should use this way instead of "create only symlinks of the cert files": viewtopic.php?p=56451#p56428

Thank You Sooo Much!!! it is very helpful for me and i have solved my mail server issues....
Extra Thank for this script https://git.scit.ch/rs/VestaCP-SystemSSL

[cottager]

How can we certificate multiple domains. Imagine that you have domain1.com and domain2.com and want to use on mail configurations:
mail.domain1.com
mail.domain2.com

There is any way to create a certificate that works for all domains?

I see no reason why you can't put aliases in your web domain for the mail servers you want to be in that certificate. Just add them in the aliases.

[Nugjii]

Hello all,

/etc/exim4/exim4.conf.template

Code: Select all

tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key

symlinked

root@mail:/usr/local/vesta/ssl# ls -la

Code: Select all

total 8
drw-rw----  2 root mail 4096 Apr 28 09:10 .
drwxr-xr-x 16 root root 4096 Apr 24 11:45 ..
lrwxrwxrwx  1 root root   41 Apr 28 09:09 certificate.crt -> /home/admin/conf/web/ssl.domain.mn.crt
lrwxrwxrwx  1 root root   41 Apr 28 09:10 certificate.key -> /home/admin/conf/web/ssl.domain.mn.key

set group and permission

root@mail:/home/admin/conf/web# ls -la

Code: Select all

-rw-rw---- 1 root root  1674 Apr 28 09:07 ssl.domain.mn.ca
-rw-r--r-- 1 root mail  2273 Apr 28 09:07 ssl.domain.mn.crt
-rw-r--r-- 1 root mail  3243 Apr 28 09:07 ssl.domain.mn.key
-rw-rw---- 1 root root  3948 Apr 28 09:07 ssl.domain.mn.pem

restarted exim4 service but, I still get the following error on Exim log.

Code: Select all

2020-04-28 12:15:49 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.

I'm using LetsEncrypt certificates and they seem to working fine over HTTPS.
rebooted, copy cert files instead of symlinked but stiil have same error.
Why is this happening? Have you had any success resolving this issue?

[youradds]

If you are just trying to assign a SSL cert to the mail stuff (or vescacp admin for that matter), you can do it at:

https://foo.com:8083/edit/server/

So login as "admin", then "Server"> "Configure" (on the server itself). If you expand the mail option you can then see the option to "Use Web Domain SSL Certificate "

I only noticed this on a new build I did - so I'm not sure what version is came out in. Hope that helps

Andy

[Nugjii]

root@mail:~# v-list-sys-vesta-updates

Code: Select all

PKG                VER    REL  ARCH   UPDT  DATE
---                ---    ---  ----   ----  ----
vesta              0.9.8  26   amd64  yes   2020-04-24
vesta-php          0.9.8  26   amd64  yes   2020-04-24
vesta-nginx        0.9.8  26   amd64  yes   2020-04-24
vesta-ioncube      0.9.8  26   amd64  yes   2020-04-24
vesta-softaculous  0.9.8  26   amd64  yes   2020-04-24

Try you suggestion but still get error.

2020-04-28 14:38:25 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/mail.crt key=/usr/local/vesta/ssl/mail.key): Error while reading file.

[youradds]

Did you remove your copies / symlinks first?

[Nugjii]

Did you remove your copies / symlinks first?

YES

Code: Select all

root@mail:/usr/local/vesta/ssl# ls -la
total 16
drw-rw----  2 root mail 4096 Apr 28 15:17 .
drwxr-xr-x 16 root root 4096 Apr 24 11:45 ..
-rw-r-----  1 root mail 3948 Apr 28 15:17 mail.crt
-rw-r--r--  1 root mail 3243 Apr 28 15:17 mail.key