Create v-update-host-certificate #1317
Add a file that's setting the hostname certificate for exim, dovecot & vesta-web so the email is always with a valid LE certificate.
Todo:
- add to cronjobs (default every month) or add to Let's Encrypt renewal/request when updating system hostname certificate
@madeITBelgium @dpeca what do you guys think of this PR? |
It's a good start. Maybe you can add a checkbox in the server configuration page. Also some config parameter that you know that letsencrypt is enabled. |
My experience says that it's better (for Exim and Dovecot) to use fullchain file instead of certificate file. |
Looks like the .pem file is the fullchain (that file contains the certificate of letsencrypt right?)? |
Yes, yes. pem = crt + ca. So, .pem file should be used instead of .crt |
I simply had certificate issue if I use just .crt file. |
Apple mail to @dpeca |
The same stuff is with some browsers. |
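The fullchain point above (pem = crt + ca), as an added example that is not part of the PR or of any comment in this thread: a check that a file about to be handed to Exim or Dovecot holds the leaf plus at least one CA certificate. The function names are hypothetical, and the check looks only at PEM block structure; it does not validate signatures or chain order.

```shell
#!/bin/sh
# Added example (not from the PR). Function names are hypothetical.

# Print the number of complete certificate blocks in file $1.
# Exits 2 when BEGIN/END markers are unbalanced or glued to other text,
# which is what happens when crt and ca are concatenated and the crt
# has no trailing newline.
pem_cert_count() {
    awk '
        { sub(/\r$/, "") }                                   # tolerate CRLF files
        /^-----BEGIN CERTIFICATE-----$/ { if (open) bad = 1; open = 1; next }
        /^-----END CERTIFICATE-----$/   { if (open) n++; else bad = 1; open = 0; next }
        /-----(BEGIN|END) CERTIFICATE-----/ { bad = 1 }      # marker not alone on its line
        END { if (open || bad) exit 2; print n + 0 }
    ' "$1"
}

# Return 0 when $1 holds leaf + at least one CA certificate (crt + ca),
# 1 when it holds only the leaf, 2 when it is missing, empty or malformed.
check_fullchain() {
    [ -r "$1" ] || { echo "missing: $1" >&2; return 2; }
    count=$(pem_cert_count "$1") || { echo "malformed PEM: $1" >&2; return 2; }
    if [ "$count" -lt 1 ]; then
        echo "no certificate found: $1" >&2
        return 2
    fi
    if [ "$count" -ge 2 ]; then
        echo "ok: $1 holds $count certificates (leaf + chain)"
        return 0
    fi
    echo "leaf-only: $1 holds 1 certificate, clients may fail to build the chain" >&2
    return 1
}

# Usage (path is a placeholder): check_fullchain /path/to/certificate.pem
```

Running it before the mail daemons are reloaded lets a leaf-only or badly concatenated file be caught without waiting for a mail client to reject the certificate.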
Nice, so okay, with this script the vestacp certificate is getting updated, if the users provide an alias with the request (for example: mail.server.com) it will be available in the mail to use mail.server.com (or the other aliases), right? |
I think yes. |
so you think this is ready @dpeca ? |
I made few fixes - 38b7557 Todo: Script needs to be called when vesta updates hostname SSL |
Okay, nice! But when vesta updates hostname SSL, but when you set another user (not admin) domain to be the valid ssl, then it needs to use that certificate instead of the (default) hostname. Right? |
Well, when Vesta renew SSL's, it should check if it is server hostname, then Vesta will know when to call v-update-host-certificate and what is the owner of that domain. I made another little fix - fc60a99 |
That's true, can it check the certificate which is used? Or maybe it's smarter to set a symbolic link to the correct folder, but can that with the permissions? |
Not sure about permissions, but current solution with copying is fine. |
Additional fix - ba14a64 |
I made now option to automatically use this script - b2e75d8 |