I am planning on switching to Ajenti shortly but I would also like it if it supports Let's Encrypt when it rolls out. This would make it a lot easier for me to utilize SSL for my sites.
I would also like to see this.
I was already looking for the plan to add Let's Encrypt to Ajenti. It would be really great to get this supported. Hope to see this soon.
I'm running an Ubuntu droplet w/ Ajenti-V and have added letsencrypt successfully. You just have to use the manual configuration options. However, +1 for any sort of automation or other improvements.
How do I do that? Just create certs and add them to the certs in the settings? And add them to the website SSL settings?
@dschense I'm only pulling a B rating right now, however, I haven't spent really any time trying to configure anything as of yet. You need to generate the certificate in certonly mode and then apply it manually.
My problem isn't with the websites' SSL options.
I'd like to change the certs used to access the Ajenti dashboard with the Let's Encrypt certificates.
I've successfully generated the certs for my domain and created the symlinks in "/etc/ajenti"
-r-------- 1 root root 2,8K ajenti.pem
-rwx------ 1 root root 4,3K config.json
lrwxrwxrwx 1 root root 53 letsencrypt_cert.pem -> /etc/letsencrypt/live/MYDOMAIN/cert.pem
lrwxrwxrwx 1 root root 54 letsencrypt_chain.pem -> /etc/letsencrypt/live/MYDOMAIN/chain.pem
lrwxrwxrwx 1 root root 58 letsencrypt_fullchain.pem -> /etc/letsencrypt/live/MYDOMAIN/fullchain.pem
lrwxrwxrwx 1 root root 56 letsencrypt_privkey.pem -> /etc/letsencrypt/live/MYDOMAIN/privkey.pem
But after updating the certificate_path in config.json and restarting the Ajenti service, the dashboard is unreachable.
@genna87 I just did this yesterday and had to manually create a new .pem file with the cert on top and the privkey on bottom... there may be an openssl command to automate this but I just did it with a text editor.
Ok, but which pem should I concatenate with privkey?
cert.pem, chain.pem or fullchain.pem?
@genna87 you need to combine the cert.pem and privkey.pem, and then point Ajenti (in config.json) to the combined file.
Thank you very much!
While attempting to generate certs with the certonly option, letsencrypt states that nginx is running and I need to temporarily end the processes. Is it possible to generate keys without doing that? Also will this overwrite any Ajenti>nginx configuration?
You should back up your config for that particular domain. Also, I believe you need to run
service nginx stop prior and then restart once the cert is applied.
If you don't wish to stop the service, you can use the webroot feature as instructed here: https://letsencrypt.readthedocs.org/en/latest/using.html#webroot
Makes sense brianjking
That's exactly what I was looking for. Thanks computerwizjared.
@brianjking thanks for the hint
@computerwizjared thanks for the hint on combining the files. Any thoughts on how to automate this for the 90 day renewals?
Also, I used this lightweight version of letsencrypt on my ajenti setup and got it working fine: https://github.com/lukas2511/letsencrypt.sh
@wrapper No, sorry :/ You'll have to go and manually do it unless someone makes a solution... I'm not experienced enough to do that.
I did a write up for let's encrypt on ajenti https://www.usayd.com/2015/12/20/ngnix-vps-using-ajenti-with-full-https-encryption/
When I took a look at your guide at https://www.usayd.com/2015/12/20/ngnix-vps-using-ajenti-with-full-https-encryption/ I have a few questions:
What about a plugin for Ajenti? :)
Has anybody used these certs with mail? TLS support?
I tried with Courier and exim4.
I put the fullchain.pem and the privkey.pem into the TLS config in the Ajenti panel.
I can send and receive mails, but not from GoogleMail. I think the problem is that Google does not trust the cert. Has anybody tried this as well and has a solution for this?
What's the alternative to using let's encrypt?
@simsketch. I thought you might also find this useful...
Newest tutorial from Sean McNamara 👍
Let's Encrypt in Ajenti-V
Question: Is mail support going to be affected in any way?
@davidoster Easy, but we also need to solve the automatic re-generation of certificates every 3 months. What about new domains? For Ajenti, some global plugin which solves all these things would be good.
Another way, manually though,
All code is on github!!!
For the ajenti-Panel the problem is Ajenti requiring a combined keychain (privkey.pem+fullchain.pem). The easiest way to get letsencrypt to work with ajenti is:
for dir in /etc/letsencrypt/live/*/; do cat "${dir}privkey.pem" "${dir}fullchain.pem" > "${dir}fullkeychain.pem"; done
And finally point the key in config.json to that "fullkeychain.pem".
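A version of the combine step above that can be re-run after each 90-day renewal, as an added example that is not part of the original thread: it writes fullkeychain.pem (key first, as in the comment above) with mode 0600 through an atomic rename, and reports how many files actually changed so the panel is restarted only when needed. The function names, the `--apply` switch and the `ajenti` service name are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: rebuild the combined PEM for the Ajenti panel after a renewal.

# combine_pem LIVE_DIR
# returns 0 = file (re)written, 1 = already up to date, 2 = inputs missing/error
combine_pem() {
    dir=${1%/}
    key="$dir/privkey.pem"
    chain="$dir/fullchain.pem"
    out="$dir/fullkeychain.pem"
    [ -r "$key" ] && [ -r "$chain" ] || return 2
    # mktemp creates the file with mode 0600, so the private key is never
    # readable by other users, even briefly. Same directory => rename is atomic.
    tmp=$(mktemp "$dir/.fullkeychain.XXXXXX") || return 2
    if ! cat "$key" "$chain" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        chmod 600 "$out"          # tighten a file left by an older, looser run
        return 1
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$out"           # a reader never sees a half-written file
}

# rebuild_all [LIVE_ROOT]  -> prints the number of combined files rewritten
rebuild_all() {
    root=${1:-/etc/letsencrypt/live}
    changed=0
    for d in "$root"/*/; do       # trailing slash: directories only, skips README
        [ -d "$d" ] || continue   # glob matched nothing
        rc=0
        combine_pem "$d" || rc=$?
        case $rc in
            0) changed=$((changed + 1)) ;;
            1) ;;
            *) echo "skipped $d: privkey.pem or fullchain.pem missing" >&2 ;;
        esac
    done
    echo "$changed"
}

# Hypothetical entry point for a cron job or renewal hook.
if [ "${1:-}" = "--apply" ]; then
    n=$(rebuild_all /etc/letsencrypt/live)
    [ "$n" -eq 0 ] || service ajenti restart   # service name is an assumption
fi
```
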
Well I did a write up, that can be fully automated under a cron job.
It's called LetsEncryptFast.
All the details are here: https://github.com/davidoster/letsencrypt-fast
It is based on the excellent work of the people behind : https://zerossl.com/
@computerwizjared how did you figure the certificate concatenation? you're a genius!
@JoorgeFerrari only about an hour of experimentation ;)
@computerwizjared any idea on how to use letsencrypt to use TLS on mailboxes?
@JoorgeFerrari I'm not entirely sure, sorry. I haven't worked with Ajenti or Let's Encrypt for a few months.
@JoorgeFerrari have you gone to cPanel or are you using another solution? Can you point me to any other option than Ajenti?