I like ServerPilot a lot. How it configures the LAMP/LEMP stack and how it makes use of ACLs to give secure access to individual users is really great. But I don't like a few things about it:
- It is entirely paid
- You need to give your server access away
To overcome these issues, I have come up with a free control panel. I have followed the best practices from ServerPilot in configuring NGINX, Apache, MySQL, and PHP, and I have used a similar directory structure and made similar use of ACLs. But it is entirely self-hosted. You can use the control panel I developed to deploy and manage multiple PHP websites on a single server. It is entirely open source and free!!
**If you like it, consider giving it a star. I'll try to update this ServerPilot Let's Encrypt automation script too.**
This Python utility allows you to automate the installation/uninstallation of SSL certificates from Let's Encrypt on ServerPilot servers. Both free servers (from old grand-fathered plan) and servers on premium plans are supported.
First of all, sign in as the root user (or with sudo privileges). Now remove the very old script if you are still using it:
```bash
rm /usr/local/bin/rwssl
```
And then install some needed packages:
```bash
apt-get update && \
apt-get -y install python3-pip build-essential libssl-dev libffi-dev python3-dev
```
Uninstall the older version if it exists:
```bash
pip3 uninstall -y rwssl
```
And then install the latest version from PyPI:
```bash
pip3 install rwssl==2.0.4
```
Verify that the installation worked. This should bring up the help menu for rwssl:
```bash
rwssl -h
```
The alternate way to install rwssl is by cloning the repository:
```bash
cd ~/ && \
git clone https://github.com/rehmatworks/serverpilot-letsencrypt && \
cd serverpilot-letsencrypt && \
pip3 install -r requirements.txt && \
python3 setup.py install
```
Only Python 3.5 and up are supported, so you should install and use the rwssl package with pip3 and Python 3.x.
Once rwssl is installed, a command `rwssl` will become available in your terminal. You will have access to the following sub-commands in order to manage your server.
Update: Please note that old commands aren't available anymore due to a recent major upgrade. Please check the table below for the new commands that come with rwssl. You can get help by typing `rwssl -h` as well.
Command | Details | Examples |
---|---|---|
getcert | Get a Let's Encrypt cert for an app. | `rwssl getcert --app foo` |
getcerts | Get Let's Encrypt certs for all apps. | `rwssl getcerts` for all users' apps or `rwssl getcerts --user john` for john's apps |
removecert | Uninstall the SSL cert from an app. | `rwssl removecert --app foo` |
removecerts | Uninstall SSL certs for all apps. | `rwssl removecerts` for all users' apps or `rwssl removecerts --user john` for john's apps |
forcessl | Force HTTPS for an app. | `rwssl forcessl --app foo` |
unforcessl | Unforce HTTPS for an app. | `rwssl unforcessl --app foo` |
forceall | Force HTTPS for all apps. | `rwssl forceall` for all users' apps or `rwssl forceall --user john` for john's apps |
unforceall | Unforce HTTPS for all apps. | `rwssl unforceall` for all users' apps or `rwssl unforceall --user john` for john's apps |
You can use the `rwssl -h` command to get to the help page for the above commands.
To uninstall rwssl completely, run:
```bash
pip3 uninstall rwssl
```
As a CRON job is added for SSL renewals by rwssl, you can remove the CRON file by running:
```bash
rm /etc/cron.weekly/rwssl-sslrenewals
```
Moreover, a conf file `acme.conf` is created in the conf directory of each app in vhosts.d. You should delete them as well. For example, if your app name is example, you should delete the conf file `/etc/nginx-sp/vhosts.d/example.d/acme.conf`. Repeat this step for each app where you used rwssl to get the SSL certificates.
That's all!
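The per-app `acme.conf` cleanup described above can be scripted. This is an added example, not part of rwssl: the function name `rwssl_acme_cleanup` and the `--delete` switch are hypothetical, and it assumes the `/etc/nginx-sp/vhosts.d/<app>.d/acme.conf` layout given above. It only lists the files unless `--delete` is passed, and it skips symlinks so that a link named `acme.conf` is never followed or removed.

```shell
#!/bin/sh
# Added example (not part of rwssl): find and optionally remove the acme.conf
# files left in each app's conf directory after uninstalling rwssl.
# Usage: sh cleanup.sh /etc/nginx-sp/vhosts.d            (dry run, lists only)
#        sh cleanup.sh /etc/nginx-sp/vhosts.d --delete   (actually removes)

rwssl_acme_cleanup() {
    # $1: vhosts directory (default is the path named in the README)
    # $2: pass --delete to remove; anything else means dry run
    vhosts_dir="${1:-/etc/nginx-sp/vhosts.d}"
    mode="${2:-}"
    count=0

    if [ ! -d "$vhosts_dir" ]; then
        echo "no such directory: $vhosts_dir" >&2
        return 2
    fi

    for conf in "$vhosts_dir"/*.d/acme.conf; do
        # An unmatched glob stays literal, so test for a real regular file.
        # Symlinks are skipped: running as root, only plain files are touched.
        if [ ! -f "$conf" ] || [ -L "$conf" ]; then
            continue
        fi
        if [ "$mode" = "--delete" ]; then
            if rm -f -- "$conf"; then
                echo "removed $conf"
            else
                echo "failed to remove $conf" >&2
                continue
            fi
        else
            echo "would remove $conf"
        fi
        count=$((count + 1))
    done

    # Last line of output is the number of files listed or removed.
    echo "total: $count"
}

# Run only when arguments are given, so sourcing the file just defines the function.
if [ "$#" -gt 0 ]; then
    rwssl_acme_cleanup "$@"
fi
```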
A minor upgrade that addresses the renewal CRON issue and a DNS-related bug.
- Fixed invalid DNS bug
- Fixed renewal cron file generation
A major upgrade that addresses all reported bugs including SSL renewals.
- Custom path is used to store SSL certificates
- Certificate is named after app name (Addresses missing cert path issue)
- Improved vhost file parsing to get app details
- Dropped support for Python 2.x (Only Python 3.x is supported)
- Using Let's Encrypt staging server (via dry-run) for domain validation (To address quota issues)
- Using Jinja template engine to generate virtual host files from templates
- Using a custom ACME verification location (To avoid initial verifications & renewal issues)
- Using latest certbot Python package
- ACME v2 protocol support
- Added validation after vhost files are written (and changes are reverted if errors are encountered)
For security-related issues, please email me at [email protected] and for common bug reports / feature requests, use the issues section.