Letsencrypt Is it possible to install letsencrypt without creating a new vhost?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by CarpCharacin, Nov 25, 2016.

  1. CarpCharacin

    CarpCharacin Member

    203
    14
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +18
    Local Time:
    7:19 AM
    1.13.0
    MariaDB 10
    Is it?
     
  2. eva2000

    eva2000 Administrator Staff Member

    28,923
    6,565
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,742
    Local Time:
    11:19 PM
    Nginx 1.13.x
    MariaDB 5.5
    Not really, as letsencrypt requires domain validation, and that requires verifying that the domain name DNS-wise goes to the server IP and that you own the domain. The verification is done via webroot authentication, which means for Centmin Mod, the letsencrypt client, i.e. addons/acmetool.sh's underlying acme.sh client, will auto create a verification file in domain.com's web root at /home/nginx/domains/domain.com/public, and then letsencrypt servers access domain.com/path/to/verification/file to confirm your domain. So you do need to create a new vhost via centmin.sh menu option 2 if you enable addons/acmetool.sh in 123.09beta01. There are also manual methods if you don't want to use centmin.sh menu option 2 via addons/acmetool.sh. But it still involves creating an nginx vhost, as webroot authentication is needed for letsencrypt to verify your domain.
     
    • Informative x 1
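
The webroot validation described in the post above, simulated on loopback with both sides of the exchange (an added example, not part of the original thread and not Centmin Mod or acme.sh code). The challenge path and key-authorization format follow RFC 8555; the temporary directory stands in for /home/nginx/domains/domain.com/public, and the account key values are constructed placeholders.

```python
import base64, hashlib, json, secrets, tempfile, threading
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path
from urllib.request import ProxyHandler, build_opener

CHALLENGE_DIR = ".well-known/acme-challenge"  # fixed HTTP-01 path (RFC 8555 section 8.3)
OPENER = build_opener(ProxyHandler({}))       # ignore proxy env vars for the loopback demo

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def key_authorization(token: str, account_jwk: dict) -> str:
    # token + "." + base64url(SHA-256 of the canonical JWK), i.e. the RFC 7638 thumbprint.
    # account_jwk must hold only the required members (crv, kty, x, y for an EC key).
    canonical = json.dumps(account_jwk, sort_keys=True, separators=(",", ":")).encode()
    return f"{token}.{b64url(hashlib.sha256(canonical).digest())}"

def client_publish(webroot: Path, token: str, key_auth: str) -> None:
    # Client side in webroot mode: write the file under the vhost's public directory.
    path = webroot / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_auth)

def ca_validate(base_url: str, token: str, expected: str) -> bool:
    # CA side: plain HTTP GET, then exact match on the body (trailing whitespace ignored).
    try:
        with OPENER.open(f"{base_url}/{CHALLENGE_DIR}/{token}", timeout=5) as resp:
            return resp.status == 200 and resp.read().decode().rstrip() == expected
    except OSError:  # covers HTTPError (404), URLError and socket errors
        return False

def demo() -> tuple:
    jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    token = b64url(secrets.token_bytes(16))  # at least 128 bits of entropy
    key_auth = key_authorization(token, jwk)
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp)  # stands in for /home/nginx/domains/domain.com/public
        handler = partial(SimpleHTTPRequestHandler, directory=str(webroot))
        server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        before = ca_validate(base, token, key_auth)  # vhost serves nothing yet: 404
        client_publish(webroot, token, key_auth)
        after = ca_validate(base, token, key_auth)   # file is now reachable
        server.shutdown()
        server.server_close()
    return before, after

if __name__ == "__main__": print(demo())
```
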
  3. CarpCharacin

    CarpCharacin Member

    But what makes it impossible to enable acmetool.sh in an existing vhost?
     
  4. eva2000

    eva2000 Administrator Staff Member

    Oh, I thought you meant get a letsencrypt SSL cert without creating an existing domain nginx vhost site. If you already have an existing nginx vhost site, you can directly use addons/acmetool.sh for automated letsencrypt on a new or existing domain, but it's beta and needs testing and feedback. Or you can do it manually via the manual methods, which work on existing nginx vhost domains.
     
    • Like x 1
  5. CarpCharacin

    CarpCharacin Member

    I have a vhost for utahfishkeepers.us and it is running and I want to add letsencrypt to it without creating a new vhost.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Then the manual methods outlined above are what you need to do if you don't want to beta test addons/acmetool.sh directly.
     
  7. CarpCharacin

    CarpCharacin Member

    But would beta testing the tool be safe, or would it crash my site and burn it to the ground?
     
  8. CarpCharacin

    CarpCharacin Member

    Also, do the certificates need maintaining?
     
  9. eva2000

    eva2000 Administrator Staff Member

    Beta testing may mess up your nginx vhost files in certain combinations or choices, i.e. if you do a test SSL cert then re-run for a live SSL cert, so yes, it may cause site downtime.

    The manual methods won't cause any such downtime, as you manually make the changes to the nginx vhost files as instructed.

    No, if you follow the manual methods, the SSL certs get auto renewed via the underlying acme.sh cronjob.
     
  11. CarpCharacin

    CarpCharacin Member

    But will they get auto renewed if I test the tool?
     
  13. eva2000

    eva2000 Administrator Staff Member

    No, read the auto generated instructions ;)

    creating the vhost and vhost file are 2 separate things

    creating vhost means directory structures at /home/nginx/domains/domain.com/* etc

    while creating vhost file structure is needed for letsencrypt and is what the vhost generator does
     
  14. CarpCharacin

    CarpCharacin Member

    I entered the domain name, but it wouldn't take it. It just said required field, but I filled it out.
     
  15. eva2000

    eva2000 Administrator Staff Member

    works for me for utahfishkeepers.us - no http just domain name itself
     
  16. eva2000

    eva2000 Administrator Staff Member

    upload_2016-11-25_13-8-36.png
    upload_2016-11-25_13-10-1.png
     
    • Like x 1
  17. CarpCharacin

    CarpCharacin Member

    Ok I think I just didn't see it. So I just run this command?
    Code:
    mkdir -p /usr/local/nginx/conf/ssl/utahfishkeepers.us
    cd /usr/local/nginx/conf/ssl/utahfishkeepers.us
    openssl dhparam -out dhparam.pem 2048
     
  18. eva2000

    eva2000 Administrator Staff Member

    No, follow all generated steps; that is just the first part (first 3 cmds).

    Back up the existing domain.us.conf file just in case.
     
  19. CarpCharacin

    CarpCharacin Member

    So I just run the first 3 listed commands and I am good to go? Do I have to install the tool?
     
  20. eva2000

    eva2000 Administrator Staff Member

    No no.. you need to follow all steps listed on the entire generated page, down to the new domain.com.ssl.conf and replacing the 3 SSL cert file paths.

    Everything on the generated page needs to be done, including the other commands.