Configure VestaCP to use LetsEncrypt certificates

This is a brief tutorial on how to use the Free SSL encryption service LetsEncrypt with the Vesta Control Panel.


  1. Example domain
  2. Server OS
    1. Ubuntu Server 15.04 LTS
  3. Key pieces of software already installed
    1. Git
    2. VestaCP with Nginx and Apache
  4. needs to be functioning and resolvable from the internet before going through this
  5. A domain admin email address

Install and setup LetsEncrypt

On your server run the following commands in a terminal

This will download the Letsencrypt python scripts to the /opt/share/letsencrypt directory

  • sudo git clone /opt/share/letsencrypt

This command will run the letsencrypt-auto script, which will prepare the server environment and install the dependencies needed by Letsencript.

  • sudo /opt/share/letsencrypt/letsencrypt-auto

This command will generate the needed certificates and private key that Nginx will eventually use.

  • /opt/share/letsencrypt/letsencrypt-auto certonly –renew-by-default –email –webroot –agree-tos –webroot-path /home/admin/web/ -domain -domain


Setup VestaCP

From a web browser login into your VestaCP, leave this window open in the background

  • From your server copy all the text from /etc/letsencrypt/live/
  • In your web browser, navigate to the Web menu, click Edit under the record


  • In your web browser, scroll down and check “SSL Support


  • In your web browser, paste the text from cert.pem into the “SSL Certificate” textbox


  • From your server, copy all the text from  /etc/letsencrypt/live/ and paste the text into the “SSL Key” textbox
  • From your server, copy all the text from  /etc/letsencrypt/live/ and paste the text into the “SSL Certificate Authority / Intermediate” textbox


  • Click Save


Check HTTPS is now working

  • In your web browser, navigate to your site “”, your site should now show a lock in the address bar.
  • Click the lock, your site is now signed by a free, 3rd party certificate