interbrite / letsencrypt-vesta

Automate Let's Encrypt Certificate Installation for VestaCP
Other
217 stars 64 forks source link

SSL Cert for Vesta Backend? #8

Closed s-oehding closed 8 years ago

s-oehding commented 8 years ago

Hi, more a question not an issue: Is it possible to use this to replace the selfsigned Certificate under /usr/local/vesta/ssl?

s-oehding commented 8 years ago

Ok found the answer myself.. Just symlink these two: /home/admin/conf/web/ssl.domain.tld.key /usr/local/vesta/ssl/certificate.key /home/admin/conf/web/ssl.domain.tld.crt /usr/local/vesta/ssl/certificate.crt

jpitoniak commented 8 years ago

Yes, that will do it. I didn't attempt to build support for the admin cert into the tool because it's really easy to set up manually and would actually be a lot more diffiucult to try to automate.

Alternatively you can change paths in /usr/local/vesta/nginx/conf/nginx.conf:

#ssl_certificate      /usr/local/vesta/ssl/certificate.crt;
#ssl_certificate_key  /usr/local/vesta/ssl/certificate.key;
ssl_certificate      /etc/letsencrypt/live/ssl.domain/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/ssl.domain/privkey.pem;

Both approaches will work fine (if you're worried about Vesta overwriting the conf file, it won't--I've been running a custom SSL configuration with a non-Let's Encrypt cert for more than a year and Vesta has never touched it). Just remember that you'll need to restart the vesta service whenever you renew the cert it is linked to:

service vesta restart