How to Use Let’s Encrypt SSL Certificate for Hostname on VestaCP or HestiaCP Login Panel

Let’s Encrypt is a free, automated, and open certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security encryption. The certificate is valid for 90 days, during which renewal can take place at any time.

Free web panels such as VestaCP, MyVestaCP, and Hestia have links/buttons to install a Let’s Encrypt SSL certificate without typing any commands. When you install VestaCP, HestiaCP, or MyVestaCP on your server, you specify the server name (hostname). MyVestaCP generates the Let’s Encrypt certificate for your server name, but HestiaCP and VestaCP install their own certificates, which browsers do not accept as valid. So, when you try to log in to these panels, browsers will flag an “insecure website” message. You can install a Let’s Encrypt SSL certificate to get rid of the message. Here are the steps:

  • Log in to VestaCP/HestiaCP as admin using the hostname along with the port number, e.g. https://servername.domain.com:8083
  • Once logged in as admin, click on the “WEB” link in the menu. It will show the hostname of your server. If you hover your mouse over the hostname, you will see the “EDIT” button; click on it.
  • Scroll down to find “SSL Support” and “Let’s Encrypt Support”. Check both of them and click on the “Save” button.
  • Let’s Encrypt certificates will be generated and will be saved in the folder /home/admin/conf/web/.
  • If you are using HestiaCP, edit the file /usr/local/hestia/nginx/conf/nginx.conf. If you are using VestaCP, edit the file /usr/local/vesta/nginx/conf/nginx.conf. In this file, search for the directives ssl_certificate and ssl_certificate_key and make the following changes, i.e. comment out the default certificates and enable the Let’s Encrypt certificates.
#ssl_certificate      /usr/local/vesta/ssl/certificate.crt;
#ssl_certificate_key  /usr/local/vesta/ssl/certificate.key;
ssl_certificate /home/admin/conf/web/ssl.hostname.domain.com.crt;
ssl_certificate_key /home/admin/conf/web/ssl.hostname.domain.com.key;
  • If you do not want to edit the above nginx.conf file, run the following 4 commands in the terminal. The first two commands rename the existing certificate and key, and the last two create symbolic links that point to the new Let’s Encrypt certificate and key.
# Rename the existing certificate and key:
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/vestacer.crt
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/vestacer.key

# Create the symbolic links:
ln -s /home/admin/conf/web/ssl.hostname.domain.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.hostname.domain.com.key /usr/local/vesta/ssl/certificate.key
  • Save the file and restart VestaCP/HestiaCP.
service vesta restart
OR
service hestia restart
  • Clear the browser cache and then try logging in to your web panel as admin. The browser warning will be gone.
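
A check to run before the restart step, as an added example that is not part of the original tutorial: it confirms that both paths resolve (catching a dangling symbolic link), that the certificate has not expired, and that the private key belongs to the certificate. It assumes the openssl command-line tool is installed; the function name check_panel_cert is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the openssl CLI is
# installed; check_panel_cert is a hypothetical helper name.
#
# check_panel_cert CERT KEY
#   0 = files resolve, certificate is unexpired, key matches certificate
#   1 = a path is missing, unreadable, or a dangling symbolic link
#   2 = certificate is expired or cannot be parsed
#   3 = private key cannot be parsed or does not match the certificate
check_panel_cert() {
    cert=$1
    key=$2

    # -r follows symbolic links, so a broken link from the ln -s step fails here.
    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 1
        fi
    done

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate expired or not parseable: $cert" >&2
        return 2
    fi

    # The public key embedded in the certificate must equal the public key
    # derived from the private key; otherwise nginx cannot use the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi
    return 0
}

# Usage with the VestaCP paths from the steps above (run as root):
# check_panel_cert /usr/local/vesta/ssl/certificate.crt \
#                  /usr/local/vesta/ssl/certificate.key && service vesta restart
```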
