Question

StartSSL on VestaCP admin panel

Posted September 23, 2014 26.3k views

I’m new to Vesta / VPS. I understand how to add StartSSL to my domains (through the vesta panel) but how do I add it to my VestaCP install? I’m currently using Debian 7 x64.

For example if i go to the IP https://xx.xx.xx.xx:8083 it shows a self signed cert with a google chrome warning page.

How do I use StartSSL for the vesta side so when my clients log in to vesta they do not see the warning page?

I am using the free StartSSL.

Add a comment
allen
By:
allen
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

6 answers
kodiak December 8, 2014

You’ll need to manually edit the Nginx config file for the Vesta admin server (the control panel is run from a second instance of Nginx running on port 8083).

  1. if you don’t already have one, I recommend first adding a site to your admin account that matches the hostname of your server (i.e. myservername.mydomain.com). Not only will this give you a standard homepage for normal traffic to your server’s hostname (that you can later redirect to port 8083 so that you don’t have to remember if), but it also lets you use Vesta’s GUI to configure your certificate.
  2. Create the CSR and private key for your cert as you normally would and use the CSR to generate a cert with StartSSL.
  3. When you receive your cert from StartSSL, paste it and the StartSSL intermediate certs into the domain settings as you normally would.
  4. Test your site at https://myservername.mydomain.com (without the 8083 on the end) and make sure everything works.
  5. As root, create a directory where you’ll place the certificate. I use /etc/ssl.local, but the location isn’t important:

sudo mkdir /etc/ssl.local

  1. Inside this directory, use your favorite text editor (vi, nano, etc.) to create two files:

nano myservername.mydomain.com.key
nano myservername.mydomain.com.crt

  1. Paste the contents of the Vesta certificate fields into the files as follows:
    a. Copy the “SSL Key” contnets into the .key file
    b. Copy the “SSL Certificate” contents, followed by the “SSL Certificate Authority/Intermediate” contents into the .crt file

  2. As a safety precaution, set the permissions so that only root can see these files:

chmod 711 /etc/ssl.local
chmod 600 /etc/ssl.local/*

  1. Edit the /usr/local/vesta/nginx/conf/nginx.conf file. Find the lines that start “sslcertificate” and “sslcertificate_key” (around line 90) and edit them as follows:

ssl_certificate /etc/ssl.local/myservername.mydomain.com.crt
ssl_certificate_key /etc/local/myservername.mydomain.com.key

  1. Restart the Vesta services and open the admin console in your browser.

service vesta restart

  1. Click on the lock icon to inspect the certificate and you should see your StartSSL cert. If not, try refreshing cache.
Reply Report
wiak September 24, 2014

you might want to try
https://forum.vestacp.com
good luck :)

Reply Report
allen September 26, 2014

tried the forum, doesn’t have anything on adding StartSSL to the VestaCP panel.

Reply Report
willamsphp February 21, 2015
Reply Report
allanice001 April 25, 2016

Placed the new certificates in /usr/local/vesta/ssl/ and reboot or restart nginx and httpd

I’m using letsencrypt certificates on my vestacp admin panel, a lot less hassle to get / renew them.

Reply Report
  • aneeshjoseph August 21, 2016

    Correct :)

    1. Overwrite existing certificate in /usr/local/vesta/ssl/ with new certificate. Keep old file name for new certificate.
    2. /etc/init.d/vesta restart OR service vesta restart
    Reply Report
sam927752 June 9, 2017
Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help