@nuxwin
Last active May 27, 2018 06:28
i-MSCP Let's Encrypt plugin

i-MSCP LetsEncrypt plugin v3.4.0

Introduction

Provides free SSL certificates through the Let's Encrypt CA.

Requirements

  • i-MSCP series 1.4.x, 1.5.x

Installation

  1. Be sure that all requirements as stated in the requirements section are met
  2. Upload the plugin through the plugin management interface
  3. Edit the plugin configuration file according to your needs
  4. Install the plugin through the plugin management interface

Note that the plugin installation can take several minutes because the Python virtual environment has to be built.

Update

  1. Be sure that all requirements as stated in the requirements section are met
  2. Backup your plugin configuration file if needed
  3. Upload the plugin through the plugin management interface

Note that the plugin installation can take several minutes because the Python virtual environment has to be built.

Restore your plugin configuration file if needed

  1. Restore your plugin configuration file (compare it with the new version first)
  2. Update the plugin list through the plugin management interface

Plugin deactivation/uninstallation

When the plugin is deactivated or uninstalled, existing SSL certificates are not removed. Thus any SSL certificate already issued remains usable.

Plugin actions on SSL certificates

The plugin actions for SSL certificates that are shown in both the administrator and customer UIs are given for informational purposes only. The real actions executed by the backend side of the plugin depend on the state of the SSL certificates. In other words, the plugin is smart enough not to issue or renew an SSL certificate when that is not necessary.

Manual execution of the Certbot client

You should really avoid executing the Certbot client manually, or even through your own scripts, without knowing what you are doing. If you really want to execute the Certbot client manually, you should at least reuse the account that is used by this plugin, which is bound to the default administrator email address that you can find in the /etc/imscp/imscp.conf file.

If you execute the Certbot client manually for one or more of the sites managed by i-MSCP, you must bear in mind that i-MSCP isn't aware of the SSL vhost files that are automatically generated by the Certbot client. Thus, you could end up with an inconsistent Apache2 configuration.

NO SUPPORT will be provided if, following a manual invocation of the Certbot client, one or more of your SSL certificate lineages are in an inconsistent state.

Certbot client version

It is possible to use either the latest released version, or the development version of the Certbot client by changing the value of the certbot_version configuration parameter in the plugin configuration file. Bear in mind that the usage of a development version is discouraged in production environments as the plugin cannot ensure backward compatibility with newer versions of the Certbot client.

Let's Encrypt registration

The plugin automatically registers with Let's Encrypt, using the administrator email address that you provided during the i-MSCP setup phase. If you need to change that email address later, you must not forget to run the following command to update the Let's Encrypt account:

certbot register --update-registration --email <new_email>

where <new_email> is your new email address.

If you don't do so, a new account will be created using the new email address and there will be inconsistencies with SSL certificate lineages, making the plugin unable to work properly.
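A read-only way to spot the split described above, given here as an added example that is not part of the plugin: it lists the ACME account id each Certbot lineage is bound to and warns when more than one account is in use. It assumes Certbot's standard layout (<config-dir>/renewal/<lineage>.conf containing an "account = <id>" line); the config directory the plugin actually uses is not stated on this page, so pass it as the first argument.

```shell
#!/bin/sh
# Added example (not plugin code): report which ACME account each Certbot
# lineage uses. Assumption: standard Certbot layout under the directory
# given as $1, e.g. <config-dir>/renewal/example.com.conf.

lineage_accounts() {
    # Print "<lineage> <account-id>" for every renewal config under $1.
    for conf in "$1"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        acct=$(awk -F' *= *' '$1 == "account" { print $2; exit }' "$conf")
        printf '%s %s\n' "$(basename "$conf" .conf)" "${acct:-UNKNOWN}"
    done
}

count_accounts() {
    # Number of distinct account ids across all lineages.
    lineage_accounts "$1" | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

check_accounts() {
    # Return 0 when all lineages share one account, 1 when they are split.
    n=$(count_accounts "$1")
    if [ "$n" -gt 1 ]; then
        echo "WARNING: lineages are split across $n ACME accounts:" >&2
        lineage_accounts "$1" | sort -k2 >&2
        return 1
    fi
    return 0
}

# Run only when a Certbot config directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_accounts "$1"
fi
```
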

Let's Encrypt Rate Limits

When you hit a Let's Encrypt rate limit, the plugin automatically queues the SSL certificate task for later processing (a "pending task"). Pending tasks are automatically processed by the plugin through a cron job that runs once per hour (default configuration). Bear in mind that pending tasks remain queued as long as the Let's Encrypt rate limits are not released.

Be sure to read https://letsencrypt.org/docs/rate-limits

Let's Encrypt for the control panel and/or services (FTP, IMAP/POP and SMTP)

To enable Let's Encrypt for the control panel and/or services you must, in order:

  • Enable SSL on i-MSCP side for the control panel and/or services, by choosing the self-signed SSL certificate option
  • Connect as administrator to the control panel
  • Activate Let's Encrypt for the control panel and/or services through the administrator's Let's Encrypt interface.

The link for accessing the administrator's Let's Encrypt interface is available in the System tools section.

Note for PanelRedirect plugin users

If you use the PanelRedirect plugin, you must ensure that you have a version greater than or equal to 1.1.5; otherwise, the domain validations will fail.

Plugin translation

You can translate this plugin using a gettext translation editor such as Poedit. Translation files are located under the ./l10n directory, inside the plugin archive. Once translated, you can send us your translation file (po file) for integration in a future release.

Note that if no translation file exists for your localization in the ./l10n/po directory, you must create it first from the l10n/LetsEncrypt.pot file. Be aware that your file must be UTF-8 encoded; otherwise, it won't be accepted.

License

i-MSCP LetsEncrypt plugin

@author Laurent Declercq <l.declercq@nuxwin.com>
@copyright (C) 2016-2018 Laurent Declercq <l.declercq@nuxwin.com>
@license i-MSCP License <https://www.i-mscp.net/license-agreement.html>

See the LICENSE file inside the archive for further details.
