StartSSL on VestaCP admin panel

September 23, 2014 19.7k

I'm new to Vesta / VPS. I understand how to add StartSSL to my domains (through the vesta panel) but how do I add it to my VestaCP install? I'm currently using Debian 7 x64.

For example if i go to the IP https://xx.xx.xx.xx:8083 it shows a self signed cert with a google chrome warning page.

How do I use StartSSL for the vesta side so when my clients log in to vesta they do not see the warning page?

I am using the free StartSSL.

6 Answers

kodiak December 8, 2014

You'll need to manually edit the Nginx config file for the Vesta admin server (the control panel is run from a second instance of Nginx running on port 8083).

if you don't already have one, I recommend first adding a site to your admin account that matches the hostname of your server (i.e. myservername.mydomain.com). Not only will this give you a standard homepage for normal traffic to your server's hostname (that you can later redirect to port 8083 so that you don't have to remember if), but it also lets you use Vesta's GUI to configure your certificate.
Create the CSR and private key for your cert as you normally would and use the CSR to generate a cert with StartSSL.
When you receive your cert from StartSSL, paste it and the StartSSL intermediate certs into the domain settings as you normally would.
Test your site at https://myservername.mydomain.com (without the 8083 on the end) and make sure everything works.
As root, create a directory where you'll place the certificate. I use /etc/ssl.local, but the location isn't important:

sudo mkdir /etc/ssl.local

Inside this directory, use your favorite text editor (vi, nano, etc.) to create two files:

nano myservername.mydomain.com.key nano myservername.mydomain.com.crt

Paste the contents of the Vesta certificate fields into the files as follows:
a. Copy the "SSL Key" contnets into the .key file
b. Copy the "SSL Certificate" contents, followed by the "SSL Certificate Authority/Intermediate" contents into the .crt file
As a safety precaution, set the permissions so that only root can see these files:

chmod 711 /etc/ssl.local chmod 600 /etc/ssl.local/*

Edit the /usr/local/vesta/nginx/conf/nginx.conf file. Find the lines that start "sslcertificate" and "sslcertificate_key" (around line 90) and edit them as follows:

ssl_certificate /etc/ssl.local/myservername.mydomain.com.crt ssl_certificate_key /etc/local/myservername.mydomain.com.key

Restart the Vesta services and open the admin console in your browser.

service vesta restart

Click on the lock icon to inspect the certificate and you should see your StartSSL cert. If not, try refreshing cache.

AlexanderNL January 26, 2016

Great! Thank you!
- kodiak January 27, 2016
  
  You're welcome. Glad it was helpful.

wiak September 24, 2014

you might want to try
https://forum.vestacp.com
good luck :)

allen September 26, 2014

tried the forum, doesn't have anything on adding StartSSL to the VestaCP panel.

willamsphp February 21, 2015

https://hostvesta.com/tutorial-how-to-add-ssl-on-vestacp-domain-with-screenshots/

talaikistadas August 15, 2016

You should read the whole question first as the talk about adding SSL to Vesta admin, and not the domain hosted on Vesta.

allanice001 April 25, 2016

Placed the new certificates in /usr/local/vesta/ssl/ and reboot or restart nginx and httpd

I'm using letsencrypt certificates on my vestacp admin panel, a lot less hassle to get / renew them.

aneeshjoseph August 21, 2016
Correct :)

Overwrite existing certificate in /usr/local/vesta/ssl/ with new certificate. Keep old file name for new certificate.

/etc/init.d/vesta restart OR service vesta restart

sam927752 June 9, 2017

you may check this.
https://f11g.com/free-ssl-vestacp/

Have another answer? Share your knowledge.

Share

Share your Question

StartSSL on VestaCP admin panel

Leave a Comment

Almost there!

Report a Bug