
Letsencrypt Is it possible to install letsencrypt without creating a new vhost?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by CarpCharacin, Nov 25, 2016.

  1. CarpCharacin

    CarpCharacin Member

    I cleared the cookies for my site, but now it is closing the connection.

     
  2. Tracy Perry

    Tracy Perry Active Member

    Well, first thing you need to do is look at the vhost... it has only 1 IP allowed to access the admin.php and the /install directory. That needs to be changed to the IPs of whoever your "admins" are, with an IP entry for each. Until you do that, you can't access the admin.php.
    Security... Security trumps stupidity of re-using the same username/password. In fact, you and each admin need to have their OWN entry in it.
    It's currently commented out (the IP blocks) so you are wide open.. but you ARE going to need to start learning to do this stuff yourself. I'm not going to provide "forever server admin" services for free. You were told that I'd set you up a BASIC VPS... and you are WELL above the level of a basic VPS setup now. You are wanting to get into areas that require some working knowledge and experience with Linux, but you are wanting to do it on a live site and not impact your site negatively - or get someone to do it for you for free.... THAT is why I still recommend you set up a test bed on your local computer to learn.
     
  3. CarpCharacin

    The other admin is Angelphish. What is the location of the vhost where I can edit it? Any admin could sign in to the ACP without having to have their IP in there or use a username and password before. Can I disable it?
    Why does each of my admins need to have their own entry? What is it for? When I was following the guide, I just set up one with my ssh username and password.
     
  4. Tracy Perry

    That's what I told you... it's disabled now. And anyone can hit your admin.php and start guessing your password to get in - or temporarily lock you out.

    I'm not going to go and explain security 101 to you. This is a LOCK on the door to protect entry. Suffice to say, folks that know WAY more than you do are telling you that each admin needs their own user name and password and they don't need to be (and should NOT be) the same as you use anywhere else. To do otherwise is sheer stupidity and the reason that sites (like TAZ) get hacked so easily. Re-use of username/passwords or passwords that can be associated with a certain user. Do what you want, but I promise you, if your site gets hacked due to something like this, you will NOT get any assistance from me as you refused to help yourself and take basic security measures.
     
  5. CarpCharacin

    What I am asking is what is that username and password I set used for? If I change it, I want it to be something that I can remember.
    If I want to re-enable it, how do I?
     
  6. Tracy Perry

    It's for the access to allow you to log into the /install directory or admin.php - before you do authentication against XF. It's a second layer of username/password security.

    As I said, uncomment the lines (remove the # in front of them) and put your IP in place of the example one in there in the vhost definition for the IP blocking aspect. You will also need to create your htaccess username/passwords and make sure that they are in the file that is pointed to in the vhost definition.
     
  7. eva2000

    eva2000 Administrator Staff Member

    Never ever reuse login details anywhere!
    Will let @Tracy Perry answer that as I am not sure what he configured for you.
     
  8. eva2000

  9. CarpCharacin

    But where is the file? Is it the file I created last night? Also, I can't access my webmail or phpmyadmin.
     
  10. Tracy Perry

    Once more (and the final time)... the password file is GIVEN to you (the path) in your vhost
    You simply have to look in it and it will tell you where it is/goes (odds are it doesn't exist since you haven't created the file). The path/name given in the vhost is only an example. You can call it anything you like and put it in just about any readable (by nginx) location you like and then edit the path/filename data in the above entry to reflect the one you use. It's normally suggested to use the path that is provided, but change the name up.

    As I explained to you on my other site... that's because the SSL vhost had no stanzas in it for that. It does now. The rest of the configuration will be yours to do. I've honestly given you several hundred dollars in "man hours" worth of labor (at my normal rate of charge), well above what I told you I would do.
    Your SSL non-WWW is remapping to WWW like you wanted, your phpmyadmin and webmail interface stanzas are in the vhost and IPv6 should be answering on both SSL and non-SSL ports.
    You will still need to do some configuration of RoundCube to reflect your new SSL setup.
     
  11. eva2000

    For protected directories for XenForo, you can also read the section in the XenForo guide: Nginx Rewrites for Xenforo Friendly Urls - CentminMod.com LEMP Nginx web stack for CentOS

    where user/pass contents file is at /usr/local/nginx/conf/htpasswd_admin_php for both locations
    Code (Text):
            location /admin.php {
                # Layer 1: HTTP basic auth, checked before the XenForo login
                auth_basic "Private";
                auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
                include /usr/local/nginx/conf/php.conf;
                # Layer 2: IP allow list, one allow line per admin IP
                allow 127.0.0.1;
                allow YOURIPADDRESS;
                deny all;
            }

            location /install/ {
                # Same two layers as /admin.php, sharing the same password file
                auth_basic "Private";
                auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
                include /usr/local/nginx/conf/php.conf;
                allow 127.0.0.1;
                allow YOURIPADDRESS;
                deny all;
            }

    Code (Text):
     /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_admin_php USERNAME PASSWORD

    Now, if you need additional usernames and passwords added, use append instead of create.

    Add USERNAME2 and PASSWORD2:
    Code (Text):
     /usr/local/nginx/conf/htpasswd.sh append /usr/local/nginx/conf/htpasswd_admin_php USERNAME2 PASSWORD2

    Add USERNAME3 and PASSWORD3:
    Code (Text):
     /usr/local/nginx/conf/htpasswd.sh append /usr/local/nginx/conf/htpasswd_admin_php USERNAME3 PASSWORD3
     
  12. CarpCharacin

    You misunderstood what I am asking @Tracy Perry. I am asking where you commented the IP address to disable it, not where I create the new file.
     
  13. Tracy Perry

    As I said earlier... the IP address checking is disabled in your vhost (which is located in the standard CentMin location of /usr/local/nginx/conf/conf.d)... and I know it is as I can hit your admin page and your install directory
    ... just check the vhost and look for any lines preceded with a #
    That is a comment designator for the vhost. You will see something like # allow IP address here;
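
The check described in the posts above (look in the vhost for protection lines that are preceded by `#`), written as a small audit script. This is an added example, not code from any poster or from Centmin Mod; `audit_vhost`, `unprotected` and the sample vhost are constructed for illustration, and the parser assumes location blocks without nested braces and does not treat `auth_basic off;` specially.

```python
import re

REQUIRED = ("auth_basic", "auth_basic_user_file", "allow", "deny")
# Constructed sample: /admin.php has its IP rules commented out, /install/ does not.
SAMPLE_VHOST = """
server {
    location /admin.php {
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        # allow 127.0.0.1;
        # allow YOURIPADDRESS;
        # deny all;
    }
    location /install/ {
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        allow 127.0.0.1;
        allow YOURIPADDRESS;
        deny all;
    }
}
"""

def audit_vhost(conf, locations=("/admin.php", "/install/")):
    """Map each location to {directive: active|commented|missing}, or None if absent."""
    report = {}
    for loc in locations:
        # Optional "=" or "^~" modifier, then the exact path, then a brace-free body.
        m = re.search(r"^[ \t]*location\s+(?:(?:=|\^~)\s+)?" + re.escape(loc)
                      + r"\s*\{([^{}]*)\}", conf, re.M)
        if not m:
            report[loc] = None  # no uncommented block at all for this path
            continue
        state = dict.fromkeys(REQUIRED, "missing")
        for line in m.group(1).splitlines():
            text = line.strip()
            words = text.lstrip("# ").split()
            if not words or words[0] not in state:
                continue
            if not text.startswith("#"):
                state[words[0]] = "active"
            elif state[words[0]] == "missing":
                state[words[0]] = "commented"
        report[loc] = state
    return report

def unprotected(report):
    """Locations where basic auth or the allow/deny rules are not all active."""
    return sorted(l for l, s in report.items() if s is None or set(s.values()) != {"active"})
```

To audit a real site, pass the contents of the vhost file under /usr/local/nginx/conf/conf.d to `audit_vhost` instead of the sample.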
     
  14. eva2000
