StartSSL on VestaCP admin panel

  • Posted on September 23, 2014
  • allenAsked by allen

I’m new to Vesta / VPS. I understand how to add StartSSL to my domains (through the vesta panel) but how do I add it to my VestaCP install? I’m currently using Debian 7 x64.

For example if i go to the IP https://xx.xx.xx.xx:8083 it shows a self signed cert with a google chrome warning page.

How do I use StartSSL for the vesta side so when my clients log in to vesta they do not see the warning page?

I am using the free StartSSL.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

You’ll need to manually edit the Nginx config file for the Vesta admin server (the control panel is run from a second instance of Nginx running on port 8083).

  1. if you don’t already have one, I recommend first adding a site to your admin account that matches the hostname of your server (i.e. Not only will this give you a standard homepage for normal traffic to your server’s hostname (that you can later redirect to port 8083 so that you don’t have to remember if), but it also lets you use Vesta’s GUI to configure your certificate.
  2. Create the CSR and private key for your cert as you normally would and use the CSR to generate a cert with StartSSL.
  3. When you receive your cert from StartSSL, paste it and the StartSSL intermediate certs into the domain settings as you normally would.
  4. Test your site at (without the 8083 on the end) and make sure everything works.
  5. As root, create a directory where you’ll place the certificate. I use /etc/ssl.local, but the location isn’t important:

sudo mkdir /etc/ssl.local

  1. Inside this directory, use your favorite text editor (vi, nano, etc.) to create two files:

6. Paste the contents of the Vesta certificate fields into the files as follows:
a. Copy the "SSL Key" contnets into the .key file
b. Copy the "SSL Certificate" contents, followed by the "SSL Certificate Authority/Intermediate" contents into the .crt file

7. As a safety precaution, set the permissions so that only root can see these files:

```chmod 711 /etc/ssl.local
chmod 600 /etc/ssl.local/*```

8.  Edit the /usr/local/vesta/nginx/conf/nginx.conf file.  Find the lines that start "ssl_certificate" and "ssl_certificate_key" (around line 90) and edit them as follows:

```ssl_certificate /etc/ssl.local/
ssl_certificate_key /etc/local/```

9. Restart the Vesta services and open the admin console in your browser.

```service vesta restart```

10. Click on the lock icon to inspect the certificate and you should see your StartSSL cert.  If not, try refreshing cache.

Placed the new certificates in /usr/local/vesta/ssl/ and reboot or restart nginx and httpd

I’m using letsencrypt certificates on my vestacp admin panel, a lot less hassle to get / renew them.