Page 1 of 1
HTTPS Vesta 0.9.8
Posted: Fri Feb 12, 2016 9:40 am
by wodCZ
Hello,
I've created little gist, which would help you getting https ready.
Link:
https://gist.github.com/wodCZ/12f230bf670a3e84d3c7
It contains LetsEncrypt scripts and updated Force-https template. While not totally automatic, it helps a lot (cca 30 seconds to enable https and setup auto renew).
Comment on gist please, as I don't come here regularly.
Re: HTTPS Vesta 0.9.8
Posted: Fri Feb 12, 2016 6:11 pm
by mehargags
Can we install a free LetsEncrypt SSL for the control panel itself ? like I open
https://VestacpIP:8083 to be secured under the free SSl ?
please advise
Re: HTTPS Vesta 0.9.8
Posted: Sat Feb 13, 2016 9:51 am
by pandabb
@mecha Yes you can do that, im using letsencrypt to my hostname but i registered my tld first then subdomain.
Re: HTTPS Vesta 0.9.8
Posted: Sun Feb 14, 2016 9:27 pm
by wodCZ
mehargags wrote:Can we install a free LetsEncrypt SSL for the control panel itself ? like I open
https://VestacpIP:8083 to be secured under the free SSl ?
please advise
I've generated certs for my domain (ikw.cz) and then symlinked fullchain.pem a privkey.pem to /usr/local/vesta/certificate.crt and certificate.key.
Warning: replacing vesta certificates will affect exim and other services. As I don't use them, I can't tell if this will break your mails or not!
Something like this should do the job:
Code: Select all
mv /usr/local/vesta/certificate.crt /usr/local/vesta/certificate.crt.old
mv /usr/local/vesta/certificate.key /usr/local/vesta/certificate.key.old
ln -s /etc/letsencrypt/live/ikw.cz/fullchain.pem /usr/local/vesta/certificate.crt
ln -s /etc/letsencrypt/live/ikw.cz/privkey.pem /usr/local/vesta/certificate.key
service vesta restart
Re: HTTPS Vesta 0.9.8
Posted: Sun Feb 14, 2016 9:29 pm
by wodCZ
I'm thinking about creating plugin for this, but didn't have time to look at Vesta plugin API, if sth like that exists.
Will have a look at that in this week probably.
Re: HTTPS Vesta 0.9.8
Posted: Fri Dec 22, 2017 1:25 am
by petron
How to renew
/usr/local/vesta/ssl/certificate.crt and .key
files when you use the VestaCP with IP address and not domain name like 1.2.3.4:8083 ?
Re: HTTPS Vesta 0.9.8
Posted: Fri Dec 22, 2017 8:33 am
by ScIT
petron wrote:How to renew
/usr/local/vesta/ssl/certificate.crt and .key
files when you use the VestaCP with IP address and not domain name like 1.2.3.4:8083 ?
lets encrypt does not work with public ips, you need to have a domain for the controlpanel. but this can be also a subdomain. then you can also use this script here to get the cert working:
http://forum.vestacp.com/viewtopic.php?f=19&t=13057