Create v-update-host-certificate

[robindirksen1]

Add a file that's setting the hostname certificate for exim, dovecot & vesta-web so the email is always with a valid LE certificate.

Todo:

• add to cronjobs (default every month) of adds to lets encrypt renewall/request when updating system hostname certificate

[robindirksen1]

@madeITBelgium @dpeca what do you guys think of this PR?

[madeITBelgium]

It's a good start. Maybe you can add a checkbox in de server configuration page. Also some config parameter that you know that letsencrypt is enabled.

[dpeca]

My experience says that it's better (for Exim and Dovecot) to use fullchain file insted of certificate file.
I think fullchain file is file with .pem extension in .../conf/web/ folder (correct me if it's not fullchain file?)
(edited)

[robindirksen1]

Looks like the .pem file is the fullchain (that file contains the certificate of letsencrypt right?)?

[dpeca]

Yes, yes.
My bad.

pem = crt + ca

So, .pem file should be used instead of .crt

[dpeca]

I simply had certificate issue if I use just .crt file.
(Outlook says certificate is not trustable, etc...)

[robindirksen1]

Apple mail to @dpeca

[dpeca]

The same stuff is with some browsers.
With fullchain everything works fine.

[robindirksen1]

Nice, so okay, with this script the vestacp certificate is getting updated, if the users provide an alias with the request (for example: mail.server.com) it will be available in the mail to use mail.server.com (or the other aliases), right?

[dpeca]

I think yes.

[robindirksen1]

so you think this is ready @dpeca ?

[dpeca]

I made few fixes - 38b7557

Todo: Script need to be called when vesta updates hostname SSL

[robindirksen1]

Okay, nice! But when vesta updates hostname SSL, but when you set another user (not admin) domain to be the valid ssl, then it needs to use that certificate instead of the (default) hostname. Right?

[dpeca]

Well, when Vesta renew SSL's, it should check if it is server hostname, then Vesta will know when to call v-update-host-certificate and what is the owner of that domain.

I made another little fix - fc60a99

[robindirksen1]

That's true, can it check the certificate which is used? Or maybe it's smarter to set a symbolic link to the correct folder, but can that with the permissions?

[dpeca]

Not sure about permisions, but current solution with copying is fine.
In next few days I'll take a look in what script we should trigger v-update-host-certificate (when Vesta set SSL for domin that is also hostname)

[dpeca]

Additional fix - ba14a64

[dpeca]

I made now option to automatically use this script - b2e75d8