This is a brief tutorial on how to use the Free SSL encryption service LetsEncrypt with the Vesta Control Panel.
Scenario:
- Example domain
- example.com
- Server OS
- Ubuntu Server 15.04 LTS
- Key pieces of software already installed
- Git
- VestaCP with Nginx and Apache
- example.com needs to be functioning and resolvable from the internet before going through this
- A domain admin email address
- owner@example.com
Install and setup LetsEncrypt
On your server run the following commands in a terminal
This will download the Letsencrypt python scripts to the /opt/share/letsencrypt directory
- sudo git clone https://github.com/letsencrypt/letsencrypt /opt/share/letsencrypt
This command will run the letsencrypt-auto script, which will prepare the server environment and install the dependencies needed by Letsencript.
- sudo /opt/share/letsencrypt/letsencrypt-auto
This command will generate the needed certificates and private key that Nginx will eventually use.
- /opt/share/letsencrypt/letsencrypt-auto certonly –renew-by-default –email owner@example.com –webroot –agree-tos –webroot-path /home/admin/web/example.com/public_html/ -domain example.com -domain www.example.com
Setup VestaCP
From a web browser login into your VestaCP, leave this window open in the background
- From your server copy all the text from /etc/letsencrypt/live/example.com/cert.pem
- In your web browser, navigate to the Web menu, click Edit under the example.com record
- In your web browser, scroll down and check “SSL Support“
- In your web browser, paste the text from cert.pem into the “SSL Certificate” textbox
- From your server, copy all the text from /etc/letsencrypt/live/example.com/privkey.pem and paste the text into the “SSL Key” textbox
- From your server, copy all the text from /etc/letsencrypt/live/example.com/chain.pem and paste the text into the “SSL Certificate Authority / Intermediate” textbox
- Click Save
Check HTTPS is now working
- In your web browser, navigate to your site “https://example.com”, your site should now show a lock in the address bar.
- Click the lock, your site is now signed by a free, 3rd party certificate