Перед выполнением скрипта нужно выпустить новый сертификат letsencrypt
1 |
v-add-letsencrypt-domain admin domain.com |
где
admin — пользователь, в котором находиться сайт для пере выпуска сертификата
domain.com — сайт для которого выпускается сертификат
https://git.scit.ch/rs/VestaCP-SystemSSL
VestaCP System SSL
The target was to use Let’s Encrypt for VestaCP SSL Cert based in /usr/local/vesta/ssl. First try was to do add the server domain to the admin user, create a let’s encrypt certificate (v-add-letsencrypt-domain) and do a symlink with the VestaCP SSL. A symlink produces a permission problem, because the exim4 service needs root:mail ownership to read the cert files. So I’ve written a small script, that compares the Let’s Encrypt Certificate with the system certificate, if the Let’s Encrypt Cert is updated, it will copy, change permission and restart the services.
1 |
nano /etc/cron.daily/vesta_ssl |
Please change the [USER] and [DOMAIN] part with your system domain.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
#!/bin/bash cert_src="/home/[USER]/conf/web/ssl.[DOMAIN].pem" key_src="/home/[USER]/conf/web/ssl.[DOMAIN].key" cert_dst="/usr/local/vesta/ssl/certificate.crt" key_dst="/usr/local/vesta/ssl/certificate.key" if ! cmp -s $cert_dst $cert_src then # Copy Certificate cp $cert_src $cert_dst # Copy Keyfile cp $key_src $key_dst # Change Permission chown root:mail $cert_dst chown root:mail $key_dst # Restart Services service vesta restart &> /dev/null service exim4 restart &> /dev/null fi |
1 |
chmod +x /etc/cron.daily/vesta_ssl |