In this post I’ll share how I’ve added a LetsEncrypt SSL certificate to a subdomain at VPS with Centos 7 using Vesta CP.
1. Update Vesta (optional)
In the Linux Shell we first update VestaCP.
cd /usr/local/vesta/bin sudo v-update-sys-vesta-all
In case of
v-update-sys-vesta-all command not found
do the following:
source ~/.bash_profile export VESTA=/usr/local/vesta/
2. Open Vesta in browser
First we navigate and log into Vesta CP. For this we use VPS’ IP along with post 8083:
https://185.221.154.249:8083/login/
After logging in we switch to the WEB tab and select to EDIT the subdomain.
Now we are ready to install SSL certificate using inbuilt in Vesta LetsEncrypt functionality.
Alternative you might want to use using dehydrated to perform of the ACME SSL certification, see a step by step guide.
3. Add LetsEncrypt SSL certificate
While editing the domain info we scroll down and tick up the Support Proxy checkbox.
Down below we tick it up both the Support SSL and the Support Lets Encrypt checkboxes. Then we wait to up to 5 minutes while SSL certificate to be generated by Lets Encrypt.
The result should be evident soon:
4. Add cert paths to the generated files
After the successful SSL certificate load in Vesta from the Lets Encrypt check the /home/admin/conf/web directory. The following cert files should be present in it:
ssl.sm.webscraping.pro.ca
ssl.sm.webscraping.pro.crt
ssl.sm.webscraping.pro.key
ssl.sm.webscraping.pro.pem
Besides, the file sm.webscraping.pro.httpd.ssl.conf in the same directory has the following content:
<VirtualHost 185.221.154.249:443>
ServerName sm.webscraping.pro
ServerAdmin info@sm.webscraping.pro
DocumentRoot /home/admin/web/sm.webscraping.pro/public_html
ScriptAlias /cgi-bin/ /home/admin/web/sm.webscraping.pro/cgi-bin/
Alias /vstats/ /home/admin/web/sm.webscraping.pro/stats/
Alias /error/ /home/admin/web/sm.webscraping.pro/document_errors/
#SuexecUserGroup admin admin
CustomLog /var/log/httpd/domains/sm.webscraping.pro.bytes bytes
CustomLog /var/log/httpd/domains/sm.webscraping.pro.log combined
ErrorLog /var/log/httpd/domains/sm.webscraping.pro.error.log
<Directory /home/admin/web/sm.webscraping.pro/public_html>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
#php_admin_value open_basedir /home/admin/web/sm.webscraping.pro/public_html:/home/admin/tmp
php_admin_value upload_tmp_dir /home/admin/tmp
php_admin_value session.save_path /home/admin/tmp
</Directory>
<Directory /home/admin/web/sm.webscraping.pro/stats>
AllowOverride All
</Directory>
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /home/admin/conf/web/ssl.sm.webscraping.pro.crt
SSLCertificateKeyFile /home/admin/conf/web/ssl.sm.webscraping.pro.key
SSLCertificateChainFile /home/admin/conf/web/ssl.sm.webscraping.pro.ca
<IfModule mod_ruid2.c>
RMode config
RUidGid admin admin
RGroups apache
</IfModule>
<IfModule itk.c>
AssignUserID admin admin
</IfModule>
IncludeOptional /home/admin/conf/web/shttpd.sm.webscraping.pro.conf*
</VirtualHost> We have to manually add values for the parameters:
SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile
as well as the path to the project directory, parameter DocumentRoot.
5. Additional
Beside the /home/admin/conf/web/sm.webscraping.pro.httpd.ssl.conf file we’ve earlier set up Virtual Hosts where paths to the SSL cert files are also used for https (port 443):
/etc/httpd/conf/httpd.conf
<VirtualHost *:80> DocumentRoot /home/admin/web/sm.webscraping.pro/public_html/public ServerName sm.webscraping.pro </VirtualHost> <VirtualHost *:443> ServerName sm.webscraping.pro DocumentRoot /home/admin/web/sm.webscraping.pro/public_html/public SSLEngine On SSLCertificateFile /etc/dehydrated/certs/sm.webscraping.pro/cert.pem SSLCertificateKeyFile /etc/dehydrated/certs/sm.webscraping.pro/privkey.pem SSLCertificateChainFile /etc/dehydrated/certs/sm.webscraping.pro/fullchain.pem </VirtualHost>