Articles in this section

See more

How to renew the SSL of the Master Hostname for SolusVM using acme.sh script?

Avatar
Harsha Nambi
Updated
Follow

Applicable to:

  • SolusVM

Question

How to renew the SSL of the Master Hostname for SolusVM using acme.sh script?

Answer

SSL certificate will be expired in 90days if the Master Hostname SSL is configured using the below document:

https://github.com/Neilpang/acme.sh/wiki/Deploy-ssl-to-SolusVM

In order to renew it:

  1. Execute the following command on the SolusVM Master node:

    # /root/.acme.sh/acme.sh --renew -d MASTER-HOSTNAME --force

    Note: new ssl.crt and ssl.key will be located at /usr/local/svmstack/nginx/ssl folder.

  2. In case noVNC HTML 5 console is in use, renew the SSL for noVNC as well:

    # cat /usr/local/svmstack/nginx/ssl/ssl.crt /usr/local/svmstack/nginx/ssl/ssl.key > /usr/local/solusvm/includes/nvnc/cert.pem

  3. Restart the svmstack-nginx service to apply the change:

    # service svmstack-nginx restart

 

Was this article helpful?
4 out of 5 found this helpful
Return to top

Comments

1 comment

Sort by Date Votes
  • Avatar
    Websavers Inc

    If you have followed the guide here to lock down the entire SolusVM control panel to all IPs except your own, then this renewal will fail because the deny all configuration will block Let's Encrypt IPs from validating the domain.

    To resolve this, you must edit /usr/local/svmstack/nginx/conf/services/legacy-master.conf

    In the `server{ listen 80;` section, add to the bottom of it:

    location /.well-known{
    allow all;
    }

    Then service svmstack-nginx restart

    Now the renewal will work. Perhaps Solus devs could add this into legacy-master.conf for future releases?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles