Free SSL for CP Vesta - easy. And SSL for Laravel
In a specific case, I will tell you how to get and configure an SSL certificate from an excellent Let's Encrypt project for the Vesta control panel for free. I assume that you have Git installed and you are using CP Vesta. If Git is not installed, then you need to install it. I execute all commands under the CentOS 6.x system. For other assemblies, the essence does not change.
For maximum convenience, you can create a bash script, which can be called, for example, ssl.sh:
#!/bin/bash
# How to Install Let’s Encrypt Certificate on VestaCP
USERNAME = 'username'
DOMAIN = 'mydomain.com'
# Go to folder
cd /usr/local
# Clone git repositories
git clone https://github.com/letsencrypt/letsencrypt.git
git clone https://github.com/interbrite/letsencrypt-vesta.git
git clone https://github.com/certbot/certbot.git
# Create the “webroot” directory where Let’s Encrypt will write the files needed for domain verification.
mkdir -p /etc/letsencrypt/webroot
# Now also symlink the Apache conf file in your Apache conf.d directory.
ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf
# Symlink letsencrypt-auto and letsencrypt-vesta in /usr/local/bin for easier access.
ln -s /usr/local/letsencrypt/letsencrypt-auto /usr/local/bin/letsencrypt-auto
ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta
# Restart server
service httpd restart
# Install at
yum install at
# Command for get SSL certificate and automatic Renewals every 60 days
letsencrypt-vesta -a 60 $USERNAME $DOMAIN
A few words of explanation. In the USERNAME variable, you must specify the user for whom the certificate will be received. For Vesta, the default is admin. DOMAIN is the domain variable for which you want to receive a certificate. You need to specify a bare host, for example, site.com
Further everything goes like clockwork. There will be a transition to the directory necessary for installation, repositories from github will be cloned. A directory will be created to store the configuration files. After that, config links will be created and the Apache server will be restarted.
After the server is restarted, a request will be made to the Let's Encrypt server to generate and obtain a certificate for a specific user and domain. All certificates and configs will be created for Vesta completely automatically, and the site in the settings will be marked as supporting SSL.
If your user name is admin, then the certificates for the domain you specified will be copied to the directory / home / admin / conf / web, plus two additional configs will appear: shttpd.conf and snginx.conf. The first for Apache, the second for Nginx. If you need to correct the paths for your root directory, then this can be done in these configs, since the paths will be registered by default to public_html.
So, go ssh to your server as root. Create a script or simply enter commands manually. If you created a script, then do not forget to put execution rights - 755. Run the script and voila. Your site already has a certificate. All that remains is to do a 301 redirect from http to https.
The certificate will be valid only 90 days. Therefore, the last lines in the script make it possible to receive a new certificate every 60 days in automatic mode.
If you use the Laravel 5.3 framework, then you will encounter the difficulty that all your images and links do not work through https, but continue to use the http protocol. What the error will immediately be shown to the user.
There is a simple and elegant solution to solve this problem. You just need to "force" the links in AppServiceProvider.php:
public function boot()
{
// If production site.
if (env('APP_ENV') === 'production') {
// Change all links to https.
\URL::forceSchema('https');
}
}
The essence of forcing is to automatically replace all links to a new protocol, as can be seen from the code.
That's all. If you want to do this trick for your various sites, then just change the domain in the script to the one you need.
What do we have in the finale? Running one script with one line: sh ssl.sh And your site is already working on a secure protocol, without any unnecessary headache. Good luck to all.