Let’s Encrypt Support #797

Open
smccloud opened this Issue Oct 5, 2015 · 38 comments

smccloud commented Oct 5, 2015

I am planning on switching to Ajenti shortly but I would also like it if it supports Let's Encrypt when it rolls out. This would make it a lot easier for me to utilize SSL for my sites.

bbbenji commented Oct 23, 2015

I would also like to see this.

dschense commented Nov 23, 2015

Was already looking for the plan of adding let's encrypt to ajenti. This would be really great to get this supported. Hope to see this soon.

swiesend commented Nov 24, 2015

+1

genna87 commented Dec 4, 2015

+1

brianjking commented Dec 4, 2015

I'm running an Ubuntu droplet w/ Ajenti-V and have added letsencrypt successfully. You just have to use the manual configuration options. However, +1 for any sort of automation or other improvements.

dschense commented Dec 5, 2015

How to do? Just create certs and add them to the certs in the settings? And add to the website ssl settings?

brianjking commented Dec 6, 2015

@dschense I'm only pulling a B rating right now, however, I haven't spent really any time trying to configure anything as of yet. You need to generate the certificate in certonly mode and then apply it manually.

genna87 commented Dec 6, 2015

My problem isn't with the websites SSL options.
I'd like to change the certs used to access the Ajenti dashboard with the Let's Encrypt certificates.

I've successfully generated the certs for my domain and created the symlinks in "/etc/ajenti"

-r-------- 1 root root 2,8K ajenti.pem
-rwx------ 1 root root 4,3K config.json
lrwxrwxrwx 1 root root   53 letsencrypt_cert.pem -> /etc/letsencrypt/live/MYDOMAIN/cert.pem
lrwxrwxrwx 1 root root   54 letsencrypt_chain.pem -> /etc/letsencrypt/live/MYDOMAIN/chain.pem
lrwxrwxrwx 1 root root   58 letsencrypt_fullchain.pem -> /etc/letsencrypt/live/MYDOMAIN/fullchain.pem
lrwxrwxrwx 1 root root   56 letsencrypt_privkey.pem -> /etc/letsencrypt/live/MYDOMAIN/privkey.pem

But after updating the certificate_path in config.json and restarting the Ajenti service, the dashboard is unreachable.

computerwizjared commented Dec 6, 2015

@genna87 I just did this yesterday and had to manually create a new .pem file with the cert on top and the privkey on bottom... there may be an openssl command to automate this but I just did it with a text editor.

genna87 commented Dec 6, 2015

Ok, but which pem should I concatenate with privkey?

cert.pem, chain.pem or fullchain.pem?

computerwizjared commented Dec 6, 2015

@genna87 you need to combine the cert.pem and privkey.pem, and then point Ajenti (in config.json) to the combined file.

genna87 commented Dec 6, 2015

Thank you very much!

bbbenji commented Dec 6, 2015

While attempting to generate certs with the certonly option, letsencrypt states that nginx is running and I need to temporarily end the processes. Is it possible to generate keys without doing that? Also will this overwrite any Ajenti>nginx configuration?

brianjking commented Dec 6, 2015

You should back up your config for that particular domain. Also, I believe you need to run service nginx stop prior and then restart once the cert is applied.

computerwizjared commented Dec 6, 2015

If you don't wish to stop the service, you can use the webroot feature as instructed here: https://letsencrypt.readthedocs.org/en/latest/using.html#webroot

bbbenji commented Dec 6, 2015

Makes sense brianjking

That's exactly what I was looking for. Thanks computerwizjared.

dschense commented Dec 7, 2015

@brianjking thanks for the hint

wrapper commented Dec 19, 2015

@computerwizjared thanks for the hint on combining the files. Any thoughts on how to automate this for the 90 day renewals?

Also, I used this lightweight version of letsencrypt on my ajenti setup and got it working fine: https://github.com/lukas2511/letsencrypt.sh

computerwizjared commented Dec 19, 2015

@wrapper No, sorry :/ You'll have to go and manually do it unless someone makes a solution... I'm not experienced enough to do that.

wrapper commented Dec 20, 2015

brianjking commented Dec 21, 2015

@wrapper

When I took a look at your guide at https://www.usayd.com/2015/12/20/ngnix-vps-using-ajenti-with-full-https-encryption/ I have a few questions:

  • Do you actually use the 4096 keysize as pre-configured in https://github.com/lukas2511/letsencrypt.sh? Based on my reading 2048 is actually a better option based on processing power & browser support.
  • Under step 3 on your site you're showing the edits made to the wellknown section of config.sh
  • By default this is #WELLKNOWN="${BASEDIR}/.acme-challenges" are you saying that I would remove the # and replace this with /srv/domainname
  • What about for additional sites? How will the WELLKNOWN configuration above influence this?

landsman commented Dec 21, 2015

What about a plugin for Ajenti? :)

dschense commented Jan 13, 2016

Has anybody used these certs with mail? TLS support?

Tried with Courier and exim4.
Put the fullchain.pem and the privkey.pem into the TLS config in the Ajenti panel.

I can send and receive mails, but not from GoogleMail. I think the problem is that Google does not trust the cert. Has anybody tried this as well and has a solution for this?

simsketch commented Mar 16, 2016

What's the alternative to using let's encrypt?

davidoster commented May 5, 2016

Newest tutorial from Sean McNamara 👍
Let's Encrypt in Ajenti-V

Question: Is mail support going to be affected in any way?

landsman commented May 15, 2016

@davidoster Easy, but we also need to solve automatic re-generation of the certificates every 3 months. What about new domains? For Ajenti, a global plugin that solves all these things would be good.

davidoster commented Jun 23, 2016

Another way, manually though,
https://gethttpsforfree.com/
All code is on github!!!

UdoKifferbrehl commented Aug 24, 2016

+1

boredland commented Oct 15, 2016

For the Ajenti panel the problem is Ajenti requiring a combined keychain (privkey.pem+fullchain.pem). The easiest way to get letsencrypt to work with Ajenti is:

  • set up SSL for your domain (under which you use Ajenti)
  • add the cronjob for your cert renewal
  • add a second one for the creation of the combined keychain like that:

for dir in /etc/letsencrypt/live/*/; do cat "${dir}privkey.pem" "${dir}fullchain.pem" > "${dir}fullkeychain.pem"; done

And finally point the key in config.json to that "fullkeychain.pem".
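
The combining step discussed in this thread (cert plus key in computerwizjared's reply, key plus full chain in the comment above), written out as an added example that is not part of any comment here or of Ajenti. The function names are hypothetical, the output name fullkeychain.pem is the one used above, and the PEM check is structural only: it does not prove that the key belongs to the certificate.

```shell
#!/bin/sh
# Added example: build the combined PEM for the Ajenti panel from each
# certificate directory under a Let's Encrypt "live" directory.
# Assumed names: has_pem_block, combine_lineage, combine_all (hypothetical);
# fullkeychain.pem is the output name used in the comment above.

# has_pem_block FILE TYPE_REGEX: true if FILE has BEGIN and END lines of that type.
has_pem_block() {
    grep -Eq -- "^-----BEGIN ${2}-----\$" "$1" &&
        grep -Eq -- "^-----END ${2}-----\$" "$1"
}

# combine_lineage DIR: write DIR/fullkeychain.pem (private key, then chain).
combine_lineage() {
    dir=${1%/}
    key="$dir/privkey.pem"
    chain="$dir/fullchain.pem"
    out="$dir/fullkeychain.pem"

    # Missing or truncated input: fail and leave the previous output in place.
    [ -s "$key" ] && [ -s "$chain" ] || return 1
    has_pem_block "$key" '([A-Z]+ )?PRIVATE KEY' || return 1
    has_pem_block "$chain" 'CERTIFICATE' || return 1

    # The output holds the private key. mktemp creates it mode 0600 in the
    # same directory; the rename then swaps it in as one step, so a reader
    # never sees a half-written file.
    tmp=$(mktemp "$dir/.fullkeychain.XXXXXX") || return 1
    if cat "$key" "$chain" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# combine_all LIVE_DIR: process every subdirectory; non-zero if any failed.
combine_all() {
    failed=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue    # skips the unmatched glob when empty
        combine_lineage "$d" || { echo "skipped: $d" >&2; failed=1; }
    done
    [ "$failed" -eq 0 ]
}

# Run only when a live directory is given, e.g. from the renewal cron job.
[ "$#" -eq 0 ] || combine_all "$1"
```

The non-zero exit status on a skipped directory lets the cron job report a failed renewal instead of silently leaving an expiring certificate in place.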

davidoster commented Oct 15, 2016

Well I did a write up, that can be fully automated under a cron job.
It's called LetsEncryptFast.
All the details are here: https://github.com/davidoster/letsencrypt-fast
It is based on the excellent work of the people behind : https://zerossl.com/

JoorgeFerrari commented Feb 10, 2017

@computerwizjared how did you figure the certificate concatenation? you're a genius!

computerwizjared commented Feb 10, 2017

@JoorgeFerrari only about an hour of experimentation ;)

JoorgeFerrari commented Feb 10, 2017

@computerwizjared any idea on how to use letsencrypt to use TLS on mailboxes?

computerwizjared commented Feb 10, 2017

@JoorgeFerrari I'm not entirely sure, sorry. I haven't worked with Ajenti or Let's Encrypt for a few months.

JoorgeFerrari commented Feb 10, 2017

@JoorgeFerrari have you gone to cPanel or are you using another solution? Can you point me any other option than ajenti?

computerwizjared commented Feb 10, 2017

bchrobot commented Apr 23, 2017

Looks like a plugin was started for this, although it looks like development has stalled:

https://github.com/herooutoftime/ajenti-letsencrypt
