LetsEncrypt Plugin

  • Hello,


    sorry to open another topic, but the support topic for Let's Encrypt is closed.


    Are there any plans to extend the Let's Encrypt plugin to also set certificates for all used server products?
    (nginx, postfix, dovecot, courier, proftpd, vsftp)

  • Sorry to ask again:
    My service certs (postfix, dovecot, proftpd, imscp) expire in 3 months. I-MSCP version 1.3.0 was released about 14 days ago and for automatic service renewal there has to be the new version 1.4.0 - I do not know your release plan but I think 3 months is a little bit too little time to get the new version.


    So I wanted to generate a "workaround" till there is a new version of I-MSCP and the letsencrypt plugin.


    My idea is:

    • Let the plugin generate and renew my certs (see LetsEncrypt - own certs)
    • Generate the needed pem files

      • Postfix & Dovecot use one
      • Proftpd
      • I-MSCP
    • Overwrite the generated pem files with the current pem files
    • Restart the services

    But there is one thing I am not able to do:
    I have no idea what to do with the letsencrypt certs to get the pem files you need for all the services. Can someone help me to generate them?

  • From letsencrypt you get the following files:

    • /privkey.pem
    • /cert.pem
    • /chain.pem (chain is here intermediate + root)


    What you need to do is just merging these three files.


    Another solution would be

    • Create the panel & service domain as customer domain
    • Enable LetsEncrypt for that domain
    • Create a symlink from /var/www/imscp/gui/data/certs/YOURCERT.pem to /etc/imscp/YOURPANELCERT.pem + /etc/imscp/YOURSERVICECERT.pem
    • Restart services every 90 days (or 30 or 15 :D)
  • Thx for the info, I'll try your second solution in the next days and give feedback (and hopefully a short howto for all letsencrypt users 8o )

  • ok I tested it now doing the following steps:


    • created the webpages for the service and admin interface url
    • enabled the let's encrypt for both
    • created a backup of the original files:

      • /etc/imscp/your_admin_domain_path.pem (depending on your domain)
      • /etc/imscp/imscp_services.pem
    • symlinked both certs:

      • ln -s /var/www/imscp/gui/data/certs/your_admin_domain_path.pem /etc/imscp/your_admin_domain_path.pem
      • ln -s /var/www/imscp/gui/data/certs/your_service_domain.pem /etc/imscp/imscp_services.pem
    • gave the symlinks the same permissions as they had before (no idea if this is needed - just to be sure nothing changed for the system):

      • chown -h root:imscp /etc/imscp/your_admin_domain_path.pem
      • chown -h root:imscp /etc/imscp/imscp_services.pem
    • reloaded all services

      • service nginx reload
      • service proftpd reload
      • service dovecot reload
      • service postfix reload
    • verified the new certs using following tools:

      • Tool (for ports 465, 587): https://www.digicert.com/util/ (can show which cert is used on a given port or address)
      • Online e-mail server SSL check: https://de.ssl-tools.net/mailservers
      • Filezilla for ftpes (shows cert dialog on ftpes connect - just enter servername: "ftpes://your_service_domain")
      • Browser for administration interface ssl cert
    • added certbot posthook to reload all services

      • open "/var/www/imscp/gui/plugins/LetsEncrypt/config.php"
      • add a new array line for post hooks (should look like this if you have not changed it before):
        Code
        'certbot_cmd_create_options' => array(
            '--rsa-key-size 4096',
            '--renew-hook "service nginx reload && service postfix reload && service dovecot reload && service proftpd reload"'
        ),

        (I have chosen to use "--renew-hook" instead of "--post-hook" because it is only called once during the renew process. "--post-hook" is called on every new certificate too, which is not needed.)

      • go into the admin panel and reload the plugins (to apply the config.php changes)



    And that should be enough. The last part using the "--renew-hook" is not tested (sorry, I have no idea how to test that).
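The merge described in the earlier reply (privkey.pem + cert.pem + chain.pem into one PEM) and the reload-after-renew step from the procedure above, combined into a renew-hook script. This is an added example, not code from the thread or from the LetsEncrypt plugin; the certbot live directory, the /etc/imscp/imscp_services.pem output path and the root:imscp owner are assumptions taken from the thread and certbot's usual layout, and make_sample_live_dir writes constructed placeholder blocks (no real key material) so the merge can be dry-run offline.

```shell
#!/bin/sh
# Added example (not from the thread or the plugin): certbot --renew-hook that merges
# privkey.pem + cert.pem + chain.pem into the single PEM the i-MSCP services use,
# verifies the bundle, and only then reloads the services listed in the thread.
# Assumed paths: certbot's live directory and /etc/imscp/imscp_services.pem.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/your_service_domain}"
SERVICE_PEM="${SERVICE_PEM:-/etc/imscp/imscp_services.pem}"

# Count PEM blocks of one kind in a file ($1 = file, $2 = "PRIVATE KEY" or "CERTIFICATE").
count_blocks() {
    grep -c "^-----BEGIN .*$2-----" "$1" 2>/dev/null || true
}

# Build the bundle atomically: key, then leaf cert, then chain. Returns 1 and leaves
# the old bundle untouched if an input is missing or the result fails the sanity checks.
build_service_pem() {  # $1 = live dir, $2 = output pem, $3 = owner (optional, e.g. root:imscp)
    live="$1"; out="$2"; owner="${3-}"; tmp="$out.tmp.$$"
    for f in privkey.pem cert.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    ( umask 077; cat "$live/privkey.pem" "$live/cert.pem" "$live/chain.pem" > "$tmp" ) || return 1
    keys=$(count_blocks "$tmp" "PRIVATE KEY"); certs=$(count_blocks "$tmp" "CERTIFICATE")
    begins=$(grep -c '^-----BEGIN ' "$tmp" || true); ends=$(grep -c '^-----END ' "$tmp" || true)
    # Exactly one key, at least leaf + intermediate, and no truncated block.
    if [ "$keys" -ne 1 ] || [ "$certs" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
        echo "bundle check failed: keys=$keys certs=$certs begin=$begins end=$ends" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 0640 "$tmp" || { rm -f "$tmp"; return 1; }
    [ -z "$owner" ] || chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out"
}

# Constructed placeholder PEM blocks for an offline dry run; not real key material.
make_sample_live_dir() {  # $1 = directory to create
    mkdir -p "$1"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'LEAF' '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'INTERMEDIATE' '-----END CERTIFICATE-----' > "$1/chain.pem"
}

# Invoked by certbot as: --renew-hook "/path/to/this-script.sh --renew-hook" (path assumed)
if [ "${1-}" = "--renew-hook" ]; then
    build_service_pem "$LIVE_DIR" "$SERVICE_PEM" root:imscp || exit 1
    for svc in nginx postfix dovecot proftpd; do service "$svc" reload; done
fi
```

Because the bundle is written to a temp file and checked before the mv, a failed or truncated copy never replaces the PEM the running services hold, and the services are only reloaded when the new bundle passed the checks.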

  • @Ninos


    Now I got some errors creating new Let's encrypt certs. The mistake was to modify the "certbot_cmd_create_options" parameter by adding the line:


    Code
    --renew-hook "service nginx reload && service postfix reload && service dovecot reload && service proftpd reload"

    Is there any possibility in the current plugin to use the renew hook (or any post hook which is called on updating certs)?

  • @UncleSam I'll test it on my system. Normally it should work. You could also try the following configuration (as two entries)

    Code
    '--renew-hook',
    'service nginx reload && service postfix reload && service dovecot reload && service proftpd reload'
  • @Ninos
    No it is still not working.


    Message:


    Code
    certbot-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

    (Seems like after adding my line(s) there is a mistake inside the command line)