Free SSL for CP Vesta - easy. And SSL for Laravel
Hello friends. There is no one to reveal the secret that the work of sites via the https protocol becomes not just a standard of living, but already a prerequisite. But many sites still continue to work through the unprotected http protocol. However, a large number of site owners are already thinking about switching to SSL. When searching for information on how to purchase a security certificate, resource owners face a number of difficulties. This is the choice of the type of certificate, price, the need for complex registration, confirmation of his identity and more. For many inexperienced users, it pushes away, pushing the transition to a secure protocol on the back burner. But there is a solution! Simple, free and fast.
Specifically, I’ll tell you how to get and set up an SSL certificate for free from the excellent project Let's Encrypt for the Vesta control panel. I assume that you have Git installed and you are using CP Vesta. If Git is not installed, then you need to install it. I execute all commands under the CentOS 6.x system. For other assemblies, the essence does not change.
For maximum convenience, you can create a bash script that can be called, for example, ssl.sh:
A few words of explanation. In the variable USERNAME, you must specify the user for whom the certificate will be obtained. For Vesta, the default is admin. DOMAIN is the domain variable for which you want to get a certificate. You must specify a bare host, for example, site.com
')
Then everything goes like clockwork. There will be a transition to the necessary directory for installation, repositories with github will be cloned. A directory will be created to store the settings files. After that, configs links will be created and Apache server will be restarted.
After the server is restarted, we will request the Let's Encrypt server to generate and obtain a certificate for a specific user and domain. All certificates and configs will be created for Vesta fully automatically, and the settings in the settings will be marked as SSL-enabled.
If your user name is admin, then certificates for the domain you specified will be copied to the / home / admin / conf / web directory, plus two additional config files will appear: shttpd.conf and snginx.conf. The first for Apache, the second for Nginx. If it is necessary to correct the paths for your root directory, then this can be done in these configs, since the paths will be written by default to public_html.
So, log in via ssh to your server as root. Create a script or simply enter commands manually. If you create a script, do not forget to put the execution rights - 755. Run the script and voila. Your site already has a certificate. You will only have to make 301 redirects from http to https.
The certificate will be valid only 90 days. Therefore, the last lines in the script make it possible to receive a new certificate every 60 days automatically.
If you use the Laravel 5.3 framework, then you will encounter the difficulty that all your images and links do not work via https, but continue to use the http protocol. What will immediately show an error for the user.
To solve this problem there is a simple and elegant solution. You just need to "force" the links in AppServiceProvider.php:
The essence of the boost is to automatically replace all references to the new protocol, as can be seen from the code.
That's all. If you want to do this focus for different sites, then just change the domain in the script to the one you need.
What do we have in the final? Run a single script in one line: sh ssl.sh And your site is already working on a secure protocol, without any unnecessary headaches. Good luck to all.
Specifically, I’ll tell you how to get and set up an SSL certificate for free from the excellent project Let's Encrypt for the Vesta control panel. I assume that you have Git installed and you are using CP Vesta. If Git is not installed, then you need to install it. I execute all commands under the CentOS 6.x system. For other assemblies, the essence does not change.
For maximum convenience, you can create a bash script that can be called, for example, ssl.sh:
#!/bin/bash # How to Install Let's Encrypt Certificate on VestaCP USERNAME = 'username' DOMAIN = 'mydomain.com' # Go to folder cd /usr/local # Clone git repositories git clone https://github.com/letsencrypt/letsencrypt.git git clone https://github.com/interbrite/letsencrypt-vesta.git git clone https://github.com/certbot/certbot.git # Create the “webroot” directory where Let's Encrypt will write the files needed for domain verification. mkdir -p /etc/letsencrypt/webroot # Now also symlink the Apache conf file in your Apache conf.d directory. ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf # Symlink letsencrypt-auto and letsencrypt-vesta in /usr/local/bin for easier access. ln -s /usr/local/letsencrypt/letsencrypt-auto /usr/local/bin/letsencrypt-auto ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta # Restart server service httpd restart # Install at yum install at # Command for get SSL certificate and automatic Renewals every 60 days letsencrypt-vesta -a 60 $USERNAME $DOMAIN A few words of explanation. In the variable USERNAME, you must specify the user for whom the certificate will be obtained. For Vesta, the default is admin. DOMAIN is the domain variable for which you want to get a certificate. You must specify a bare host, for example, site.com
')
Then everything goes like clockwork. There will be a transition to the necessary directory for installation, repositories with github will be cloned. A directory will be created to store the settings files. After that, configs links will be created and Apache server will be restarted.
After the server is restarted, we will request the Let's Encrypt server to generate and obtain a certificate for a specific user and domain. All certificates and configs will be created for Vesta fully automatically, and the settings in the settings will be marked as SSL-enabled.
If your user name is admin, then certificates for the domain you specified will be copied to the / home / admin / conf / web directory, plus two additional config files will appear: shttpd.conf and snginx.conf. The first for Apache, the second for Nginx. If it is necessary to correct the paths for your root directory, then this can be done in these configs, since the paths will be written by default to public_html.
So, log in via ssh to your server as root. Create a script or simply enter commands manually. If you create a script, do not forget to put the execution rights - 755. Run the script and voila. Your site already has a certificate. You will only have to make 301 redirects from http to https.
The certificate will be valid only 90 days. Therefore, the last lines in the script make it possible to receive a new certificate every 60 days automatically.
If you use the Laravel 5.3 framework, then you will encounter the difficulty that all your images and links do not work via https, but continue to use the http protocol. What will immediately show an error for the user.
To solve this problem there is a simple and elegant solution. You just need to "force" the links in AppServiceProvider.php:
public function boot() { // If production site. if (env('APP_ENV') === 'production') { // Change all links to https. \URL::forceSchema('https'); } } The essence of the boost is to automatically replace all references to the new protocol, as can be seen from the code.
That's all. If you want to do this focus for different sites, then just change the domain in the script to the one you need.
What do we have in the final? Run a single script in one line: sh ssl.sh And your site is already working on a secure protocol, without any unnecessary headaches. Good luck to all.
Source: https://habr.com/ru/post/320824/
All Articles