Vesta cesspit

Documenting Vesta Control Panel errors since forever.

502 gateway error on sub.domain.tld

Information when proxying away from port, causes above error.

Issue

I was recently configuring VestaCP to bind to a specific sub-domain without requiring a port when I came across the following issue:

502 Bad Gateway

Looking around, I found a solution.

Solution

Simply visit the below directory with your choice of text editor:

/usr/local/vesta/php/etc/php-fpm.conf

Then simply look for the following block:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
listen.owner = admin
listen.group = admin
listen.mode = 0660

...and change listen.group = admin to listen.group = www-data

Why? The web server by default will attempt to read the directory, and since www-data had not been given authorization, it will return a 502 Gateway error. Changing it to www-data will allow apache2 to read the VestaCP directory.

Let's Encrypt ACME validation on custom templates

Information regarding an error that which states that the ACME validation for Let's Encrypt could not validate ownership of a site.

Issue

I have a custom template setup with Vesta Control Panel, but it appears to not be complicit with Let's Encrypt and the nginx/apache2 setup.

Solution

In whichever template you choose in /usr/local/vesta/data/templates/web/nginx, you'll need to add the following line to two different files:

• [name].tpl
• [name].stpl

  # Necessary for Let's Encrypt Domain Name ownership validation
  location /.well-known/acme-challenge/ {
    try_files $uri /dev/null =404;
  }

Make sure to reset nginx!