Vesta CP install SSL certificate for a subdomain

In this post I’ll share how I’ve added a LetsEncrypt SSL certificate to a subdomain at VPS with Centos 7 using Vesta CP.

1. Update Vesta (optional)

In the Linux Shell we first update VestaCP.

cd /usr/local/vesta/bin
sudo v-update-sys-vesta-all

In case of

v-update-sys-vesta-all command not found

do the following:

source ~/.bash_profile
export VESTA=/usr/local/vesta/

2. Open Vesta in browser

First we navigate and log into Vesta CP. For this we use VPS’ IP along with post 8083:

After logging in we switch to the WEB tab and select to EDIT the subdomain.

Vesta CP with subdomain

Now we are ready to install SSL certificate using inbuilt in Vesta LetsEncrypt functionality.

Alternative you might want to use using dehydrated to perform of the ACME SSL certification, see a step by step guide.

3. Add LetsEncrypt SSL certificate

While editing the domain info we scroll down and tick up the Support Proxy checkbox.

Down below we tick it up both the Support SSL and the Support Lets Encrypt checkboxes. Then we wait to up to 5 minutes while SSL certificate to be generated by Lets Encrypt.

The result should be evident soon:

4. Add cert paths to the generated files

After the successful SSL certificate load in Vesta from the Lets Encrypt check the /home/admin/conf/web directory. The following cert files should be present in it:

Besides, the file in the same directory has the following content:

    DocumentRoot /home/admin/web/
    ScriptAlias /cgi-bin/ /home/admin/web/
    Alias /vstats/ /home/admin/web/
    Alias /error/ /home/admin/web/
    #SuexecUserGroup admin admin
    CustomLog /var/log/httpd/domains/ bytes
    CustomLog /var/log/httpd/domains/ combined
    ErrorLog /var/log/httpd/domains/
    <Directory /home/admin/web/>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
        #php_admin_value open_basedir /home/admin/web/
        php_admin_value upload_tmp_dir /home/admin/tmp
        php_admin_value session.save_path /home/admin/tmp
    <Directory /home/admin/web/>
        AllowOverride All
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /home/admin/conf/web/
        SSLCertificateKeyFile /home/admin/conf/web/
        SSLCertificateChainFile /home/admin/conf/web/

    <IfModule mod_ruid2.c>
        RMode config
        RUidGid admin admin
        RGroups apache
    <IfModule itk.c>
        AssignUserID admin admin

    IncludeOptional /home/admin/conf/web/*

We have to manually add values for the parameters:


as well as the path to the project directory, parameter DocumentRoot.

5. Additional

Beside the /home/admin/conf/web/ file we’ve earlier set up Virtual Hosts where paths to the SSL cert files are also used for https (port 443):


 <VirtualHost *:80>
  DocumentRoot /home/admin/web/

<VirtualHost *:443>
  DocumentRoot /home/admin/web/

  SSLEngine On
  SSLCertificateFile /etc/dehydrated/certs/
  SSLCertificateKeyFile /etc/dehydrated/certs/
  SSLCertificateChainFile /etc/dehydrated/certs/

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.