Configure VestaCP to use LetsEncrypt certificates

This is a brief tutorial on how to use the free SSL certificate service LetsEncrypt with the Vesta Control Panel.

Scenario:

  1. Example domain
    1. example.com
  2. Server OS
    1. Ubuntu Server 15.04 LTS
  3. Key pieces of software already installed
    1. Git
    2. VestaCP with Nginx and Apache
  4. example.com needs to be functioning and resolvable from the internet before going through this
  5. A domain admin email address
    1. owner@example.com

Install and set up LetsEncrypt

On your server, run the following commands in a terminal.

This will download the LetsEncrypt Python scripts to the /opt/share/letsencrypt directory.

  • sudo git clone https://github.com/letsencrypt/letsencrypt /opt/share/letsencrypt

This command will run the letsencrypt-auto script, which will prepare the server environment and install the dependencies needed by LetsEncrypt.

  • sudo /opt/share/letsencrypt/letsencrypt-auto

This command will generate the needed certificates and private key that Nginx will eventually use.

  • /opt/share/letsencrypt/letsencrypt-auto certonly --renew-by-default --email owner@example.com --webroot --agree-tos --webroot-path /home/admin/web/example.com/public_html/ --domain example.com --domain www.example.com
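
The files this command writes under /etc/letsencrypt/live/example.com can be checked against each other before they are pasted into VestaCP, so a mismatched key or a wrong chain is caught on the server rather than in the web form. The script below is an added example, not part of the original tutorial; it assumes the openssl command-line tool is installed, and the file name check-le-files.sh and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the files the tutorial pastes into VestaCP.
# Assumption: the openssl command-line tool is installed on the server.

# True when the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the first certificate in the chain file ($1) is named as the
# issuer of the certificate ($2). Compares name hashes, not signatures.
chain_names_issuer() {
    chain_subject=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    cert_issuer=$(openssl x509 -in "$2" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$chain_subject" ] && [ "$chain_subject" = "$cert_issuer" ]
}

# Check one live directory; the return code says which check failed.
check_live_dir() {
    dir=$1
    cert_matches_key "$dir/cert.pem" "$dir/privkey.pem" || {
        echo "cert.pem does not match privkey.pem" >&2; return 1; }
    chain_names_issuer "$dir/chain.pem" "$dir/cert.pem" || {
        echo "chain.pem is not the issuer of cert.pem" >&2; return 2; }
    openssl x509 -in "$dir/cert.pem" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "cert.pem has expired" >&2; return 3; }
    echo "OK: cert.pem, privkey.pem and chain.pem in $dir belong together"
}

# Usage: sudo sh check-le-files.sh /etc/letsencrypt/live/example.com
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```

Root is needed because privkey.pem is readable only by root; keep it that way when copying the key text into the browser.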

 

Set up VestaCP

From a web browser, log in to your VestaCP and leave this window open in the background.

  • From your server copy all the text from /etc/letsencrypt/live/example.com/cert.pem
  • In your web browser, navigate to the Web menu, click Edit under the example.com record

  • In your web browser, scroll down and check “SSL Support”

  • In your web browser, paste the text from cert.pem into the “SSL Certificate” textbox

  • From your server, copy all the text from /etc/letsencrypt/live/example.com/privkey.pem and paste the text into the “SSL Key” textbox
  • From your server, copy all the text from /etc/letsencrypt/live/example.com/chain.pem and paste the text into the “SSL Certificate Authority / Intermediate” textbox

  • Click Save

Check HTTPS is now working

  • In your web browser, navigate to your site at “https://example.com”. Your site should now show a lock in the address bar.
  • Click the lock. Your site is now signed by a free, 3rd party certificate.
