Nginx only configuration?

[ethanpil]

The install instructions show how to do this for Apache, but what about nginx only vesta server? How can we configure it to pick up these certs?

[jpitoniak]

It's doable, but a little more difficult because the config needs to be added to each vhost (Nginx doesn't support the concert of global configurations as Apache does). To do it, add the following to each of the files in /usr/local/vesta/data/templates/web/nginx/ (or at least to the files that correspond with Nginx configurations you're using). You should put it somewhere before the "location @fallback" block.

location /.well-known/acme-challenge {
    default_type text/plain;
    root /etc/letsencrypt/webroot;
}

Then, for any existing accounts, you'll need to run the v-rebuild-web-domains command for each existing account to apply the change to it's config.

/usr/local/vesta/bin/v-rebuild-web-domains USERNAME

Finally, restart nginx and you should be good to go.

service nginx restart

[jpitoniak]

The new update I just pushed out has better support for Nginx-only servers.

[vengefultacos]

Hit a problem with the nginx-only config. Getting the cert works, but restarting nginx fails:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/my.domain.com/fullchain.pem. Your cert
   will expire on 2016-04-15. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 * Restarting nginx nginx                                                       nginx: [emerg] unexpected end of file,     expecting ";" or "}" in /etc/nginx/conf.d/vesta.conf:8
nginx: configuration file /etc/nginx/nginx.conf test failed

Looking at vesta.conf, I found the line:

Include /home/USERNAME/conf/web/snginx.conf

First issue: nginx is case sensitive, so it doesn't like "Include". I changed it to "include". Second issue is that the semicolon is missing at the end of the line.

[jpitoniak]

The vesta.conf file is written by Vesta when a new site is configured. I'm not sure why it would be written out with a capital "I," but letsencrypt-vesta doesn't do anything that would touch that file, since it requires a site to exist before a cert can be added to it.

[iskrisis]

Just reporting that exact same thing happened to me.

Very strange.

[jpitoniak]

It looks like there's a bug in v-add-web-domain-sll that's causing this.

There's at least a couple of Vesta bug reports open for it:

• https://bugs.vestacp.com/issues/21
• https://bugs.vestacp.com/issues/136