interbrite / letsencrypt-vesta

Automate Let's Encrypt Certificate Installation for VestaCP
Other
217 stars 64 forks source link

Apache-only/No Proxy Support issue #23

Open snakehill opened 8 years ago

snakehill commented 8 years ago

This is more of a flaw with Vesta CP than with the automation, but SSL doesn't work when Nginx/Proxy Support is turned off completely.

Proxy Support needs to be turned on for the domain before the SSL can be added. Doing it in any other way will lead to a Nginx service restart failure.

Perhaps include automation for turning on the Proxy Support in case it's not already?

jpitoniak commented 8 years ago

Could you share the error message you are getting?

letsencrypt-vesta restarts whichever web servers it can find after it installs a certificate. It does this by sliently checking the service status of the commonly used service names (httpd, apache2, nginx) and, when it finds one running, it issues a restart command. It shouldn't be trying to restart Nginx if Nginx isn't there, so the fact that yoou're seeing an error may point to a configuration issue on your server that you might not be aware of.

snakehill commented 8 years ago

It's a nginx restart failure, both in Vesta CP and server-side. It can't reboot, close or do anything with the nginx service anymore.

This happens if you add a certificate for a domain when Proxy Support for that particular domain is turned off within Vesta CP (unchecked box). Apparently, Vesta CP has to have the Proxy Support checked on for SSL to work in general, even if Nginx is not used any other way.

But.. one can still add SSL without this Proxy Support checked on, leading to this fatal error. Hence it'd be nice if the Proxy Support is turned on automatically upon generating a certificate.