@vincurekf
Last active May 30, 2017 21:12
VestaCP SSL Certificate automation Ubuntu 16.04

VestaCP + letsencrypt-vesta + certbot

Install VestaCP

bash vst-install.sh --nginx yes --apache yes --phpfpm no --named yes --remi yes --vsftpd yes --proftpd no --iptables yes --fail2ban yes --quota no --exim yes --dovecot yes --spamassassin yes --clamav yes --mysql yes --postgresql no --hostname DOMAIN.COM --email EMAIL@DOMAIN.XX --password NEW_VESTA_PASSWORD

installer

letsencrypt-vesta installation summary + fix

From letsencrypt-vesta

Clone certbot and letsencrypt-vesta to /usr/local

cd /usr/local
git clone https://github.com/certbot/certbot.git
git clone https://github.com/interbrite/letsencrypt-vesta.git

Create the "webroot" directory where Let's Encrypt will write the files needed for domain verification.

mkdir -p /etc/letsencrypt/webroot

Symlink certbot-auto and letsencrypt-vesta in /usr/local/bin for easier access. This allows them to be run without needing to know the full path to the programs.

ln -s /usr/local/certbot/certbot-auto /usr/local/bin/certbot-auto
ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta

Apache symlink configuration

ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf

Export locales

comment LINK

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

Restart Apache

service apache2 restart

FIX

Replace lines 257 and 258 with the following:

HAS_CERT=`$VESTA_PATH/bin/v-list-web-domain-ssl $USER $DOMAIN`
if [[ $HAS_CERT == 'no' ]]		 +        if [[ $HAS_CERT == '' ]]
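
Review bot: the `== ''` comparison on the `if` line treats any empty output from `v-list-web-domain-ssl` as "no certificate", so a call that fails and prints nothing takes the same branch as a domain that simply has no SSL yet. Check the command's exit status before comparing, pass the arguments quoted as `"$USER" "$DOMAIN"`, and write the test as `[[ -z "$HAS_CERT" ]]` so the intent is explicit.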

In VestaCP, add this to the end of the Apache config file:

# Let's Encrypt Webroot Configuration for Apache
#
# In "webroot" mode, the Let's Encrypt client will attempt to write a
# temporary file to the /.well-known/acme-challenge directory within
# the website's root directory in order to perform the domain
# verification.  Since every Vesta site has a different
# web root directory, this directive creates an alias that will allow
# the Let's Encrypt Client to write these files to a central location
# that can be accessed from all sites.
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge

# Ensure that the proper Content-type header is returned with
# challenge responses
<IfModule mod_headers.c>
  <LocationMatch "/.well-known/acme-challenge/*">
    Header set Content-Type "application/jose+json"
  </LocationMatch>
</IfModule>

Usage

letsencrypt-vesta USERNAME DOMAIN
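
A pre-flight check that can be run before the command above, as an added example that is not part of the gist or of letsencrypt-vesta: it confirms the shared webroot is not writable by other accounts and that the Apache alias really serves files from it for the domain. `WEBROOT` mirrors the path used in the steps above; the `FETCH` hook and the function names are assumptions introduced for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist: pre-flight check for the shared
# ACME webroot. WEBROOT matches the mkdir and Alias steps; FETCH is a
# hypothetical hook (default: curl) so the check can also run offline.
WEBROOT="${WEBROOT:-/etc/letsencrypt/webroot}"
FETCH="${FETCH:-curl -fsS --max-time 10}"

# Succeeds only if the webroot is a real directory (not a symlink) that
# group and other cannot write to; otherwise any local account could
# plant files that every hosted domain would serve.
webroot_perms_ok() {
  local mode
  [ -d "$1" ] && [ ! -L "$1" ] || return 1
  mode="$(ls -ld "$1" | cut -c1-10)"
  case "$mode" in
    ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
  esac
  return 0
}

# Writes a random token under the webroot and confirms that
# http://DOMAIN/.well-known/acme-challenge/<name> returns it unchanged.
alias_serves_token() {
  local dir="$WEBROOT/.well-known/acme-challenge" name body got rc=1
  name="preflight-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  body="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  mkdir -p "$dir" || return 1
  printf '%s' "$body" > "$dir/$name" || return 1
  got="$($FETCH "http://$1/.well-known/acme-challenge/$name" 2>/dev/null)"
  [ "$got" = "$body" ] && rc=0
  rm -f "$dir/$name"
  return "$rc"
}

# Usage: preflight DOMAIN   (0 = ready, 2 = bad webroot, 3 = alias broken)
preflight() {
  webroot_perms_ok "$WEBROOT" || { echo "webroot missing or writable by others" >&2; return 2; }
  alias_serves_token "$1" || { echo "alias not serving challenges for $1" >&2; return 3; }
}
```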
