
Force ssl and lets encrypt problems

Posted: Mon Apr 03, 2017 8:43 am
by rpr
Hi,

I am running vesta with nginx and php-fpm.
I want every website to run as https so I used this faq:
https://vestacp.com/docs/#how-to-force-https

First of all I needed to copy "force-https.tpl" & "force-https.stpl" to /usr/local/vesta/data/templates/web/nginx/php-fpm or it wasn't listed in the dropdown list.

But when you create a new website like test.com and select force-https the letsencrypt fails with "Error: The key authorization file from the server did not match this challenge"

Which is logical because the force-https config files are missing the:
location ~ "^/\.well-known/acme-challenge/(.*)$" {

When you first select the default and then change it to force https it works but will the renewal work?

Re: Force ssl and lets encrypt problems

Posted: Fri Feb 23, 2018 8:24 am
by baoang
The same problem. I installed nginx without apache module, and also couldn't find force-ssl in the dropdown list according to the official manual.
It's hard to configure the SSL and the redirect. So sad:(

Re: Force ssl and lets encrypt problems

Posted: Tue Feb 27, 2018 6:20 pm
by noogen
I also find that the existing template is not very friendly when it comes to adding additional config or, in this case, forcing ssl. This is how I do it. Let's use the default.tpl for php-fpm as an example: https://github.com/serghey-rodin/vesta/ ... lt.tpl#L10

Specifically line #10 or more specifically find the "location / {" line:

Code:

location / {

Change this to:

Code:

location / {
   include %home%/%user%/web/%domain%/private/ngin*.conf;

This will give you more flexibility to have a custom nginx conf file. Then add a file inside of your website's private folder, for example: /home/user/web/example.com/private/nginx.conf

Code:

# doing https redirect
if ($scheme = http) {
	return 301 https://$server_name$request_uri;
}

Then use Vesta Panel to switch template and apply the new configuration.

You can also just add the above code to line #11 of the original template file, but that will make it harder to force ssl for a specific website using the same template.

Here's the script I use to patch all of the php-fpm template files: https://gist.githubusercontent.com/noog ... 0/patch.sh
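
The failure in the first post and the redirect used here can be reconciled by answering the ACME challenge path on port 80 before anything is redirected. The sketch below is an added example, not taken from any poster or from the Vesta templates; the domain, the /var/www/acme webroot and the assumption that the ACME client writes token files there are all illustrative.

```nginx
# Added example. example.com and /var/www/acme are assumed values.
#
# Weak form (what a bare force-https server block amounts to):
#
#   server {
#       listen 80;
#       server_name example.com;
#       return 301 https://$host$request_uri;   # also catches the challenge path
#   }
#
# Corrected form: the challenge path is served over plain HTTP,
# every other request is redirected.
server {
    listen 80;
    server_name example.com www.example.com;

    # HTTP-01 validation arrives on port 80. "^~" makes this prefix win
    # over any regex location defined elsewhere in the server block.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;        # assumed directory the ACME client writes tokens to
        default_type text/plain;   # token files have no extension
        try_files $uri =404;       # never fall through to PHP or the redirect
    }

    # Everything else is forced to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Because the exemption lives in the port 80 server block itself, it applies to first issuance and to every renewal alike, which is the case the first post asks about.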