Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

[misak35]

I think I used this script, and now I have issue with LE GUI,

Code: Select all

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me.

Thanks

[dpeca]

Hi,

Thank you so much for your script. I don't check it until now. I have problem here with the details below:

Code: Select all

Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.kjZFnssi88QbqQmqT5aoFZIHmGNQJRjma7_iA-xxx] != [z6rqH3NyOYBaRed8wlAx1i3T1nhI-m3xX8U-XHvkR_U.HroLKHp_NxjfUjx-2lFC61bb9nJ_wnjgluBRAxxx]

I'm followed your old reply: viewtopic.php?f=19&t=12617#p50574.

Maybe you can help me know what do to do now? I think the problem by I had using the let's encrypt gui in vestacp admin before run your script. Maybe it's the problem here.

I think your DNS is not pointing to your server for that domain.
Or you moved site to new server recently - and you need to wait 24h for DNS propagation.

[dpeca]

I think I used this script, and now I have issue with LE GUI,

Code: Select all

Error: /tmp/tmp.krDopo9HWG/mydomainname.crt not found

Can someone help me.

Thanks

Bug is not related with my script, I think bug is in Vesta LE scripts.

[Loc_rabbirt]

I think your DNS is not pointing to your server for that domain.
Or you moved site to new server recently - and you need to wait 24h for DNS propagation.

Thank you, I got the problem fixed :)

[apachler]

this script is needed in v17 also? No way to make Vesta using Lets Encrypt for all services by default?

I will check it... I saw one command that Serghey built before one month.

any news here?

[starter]

Thank you dpeca for this nice script!
You should put it on github.

I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid with ?

This script only uses the domain without www, but normally one would at least need one with and without the www..
Secondly, it would be even better to be able to add other subdomains, such as those for the mail sever.

[dpeca]

I have a question though: how could I add aliases of the domain or other subdomains that I want the certificate to be valid with ?

No way to do that.
Use Vesta letsencrypt built-in functionality for that.

This script only uses the domain without www, but normally one would at least need one with and without the www..

Are you sure about this?
Are we talking about server hostname or about another domain on server?

[starter]

Are you sure about this?
Are we talking about server hostname or about another domain on server?

I talk about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains ?


Here is a way for the smpt and/or imap domains to be referenced by the Let's Encrypt certificate:

Suppose that your smtp and imap servers are on the same email subdomain of your host domain and it already have its DNS A record.
First, you must add this subdomain as an alias of your web server. Let's Encrypt ACME validation uses the webport.
Then modify the script by adding your subdomain on line 106.

Example with also the www for the host domain (lines 105-109):

Code: Select all

if [[ $hostname == $domain ]]; then
    ./letsencrypt-auto certonly --renew-by-default --webroot -w /home/$user/web/$domain/public_html -d $domain -d www.$domain -d mail.$domain
else
    ./letsencrypt-auto certonly --renew-by-default --webroot -w /home/$user/web/$domain/public_html -d $domain -d www.$domain
fi

Generate your certificates, and this time you will also have valid imap & smtp certificates without any warning from your email clients.

Note: If you already generated your certificates with this script, it is a bit trickier. Prior I had to delete the certificates in /home/admin/conf/web and modify the script so that it accepts a renewal altough the supposed validity of the current ones.

[dpeca]

I talk about the host. Is there a reason you don't add the www on line 106 but do so for the non-host domains ?

The reason is that if your server hostname is server5.mycompany.com and your server is not hosting DNS for mycompany.com (let's say you are using Godaddy DNS), then, in most cases, people will not create A record for www.server5.mycompany.com - and generating SSL will fail :)

Since I see that you found that if line in my script, be free to remove it and add -d for other subdomains :)

[dpeca]

this script is needed in v17 also? No way to make Vesta using Lets Encrypt for all services by default?

I will check it... I saw one command that Serghey built before one month.

any news here?

https://github.com/serghey-rodin/vesta/ ... -vesta-ssl