How to install SSL Certificate to VestaCP, Exim and Dovecot Daemons

Many server owners don’t know how to install SSL to all daemons, especially to Exim4 and dovecot.

Now there is a new way that is built-in Vesta

Pre-required step: your server hostname must be full host address that is already pointing to IP of your server.
Check /etc/hostname to see what is your hostname.

If it’s not real host address, change it to some domain that you are hosting, by typing in SSH:

v-change-sys-hostname somedomain.com

and then
 HOSTNAME='somedomain.com' 

Now, first, lets install Letsencrypt SSL to domain that is your hostname.

In SSH, as root, run:

 v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes' 

(change ‘admin’ if your hostname domain is not under ‘admin’ account)

This step will install LetsEncrypt the same way you can install it via Vesta web panel (so avoid this step if you already installed LetsEncrypt to your domain).

Of course, you can install any other certificate, not only free LetsEncrypt… you can do it via Vesta web panel by editing that domain.

Now in SSH do the follwing:

 v-update-host-certificate admin $HOSTNAME 

(change ‘admin’ if your hostname domain is not under ‘admin’ account)

This will apply just installed SSL to Vesta, Exim and dovecot daemons.

And finally run:

 echo "UPDATE_HOSTNAME_SSL='yes'" >> /usr/local/vesta/conf/vesta.conf 

This will tell Vesta to update SSL to Vesta, Exim and dovecot daemons every time when SSL is renewed.
This will happen automatically.

That’s all.
LetsEncrypt SSL will be automatically renewed every 2 months and also automatically applied to dovecot, Exim and Vesta.

And this is completely built-in way, without additional scripts, Vesta itself do it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.