Categories
Development

Vesta CP install SSL certificate for a subdomain

In this post I’ll share how I’ve added a LetsEncrypt SSL certificate to a subdomain at VPS with Centos 7 using Vesta CP.

1. Update Vesta (optional)

In the Linux Shell we first update VestaCP.

cd /usr/local/vesta/bin
sudo v-update-sys-vesta-all

In case of

v-update-sys-vesta-all command not found

do the following:

source ~/.bash_profile
export VESTA=/usr/local/vesta/

2. Open Vesta in browser

First we navigate and log into Vesta CP. For this we use VPS’ IP along with post 8083:

https://185.221.154.249:8083/login/

After logging in we switch to the WEB tab and select to EDIT the subdomain.

Vesta CP with subdomain sm.webscraping.pro

Now we are ready to install SSL certificate using inbuilt in Vesta LetsEncrypt functionality.

Alternative you might want to use using dehydrated to perform of the ACME SSL certification, see a step by step guide.

3. Add LetsEncrypt SSL certificate

While editing the domain info we scroll down and tick up the Support Proxy checkbox.

Down below we tick it up both the Support SSL and the Support Lets Encrypt checkboxes. Then we wait to up to 5 minutes while SSL certificate to be generated by Lets Encrypt.

The result should be evident soon:

4. Add cert paths to the generated files

After the successful SSL certificate load in Vesta from the Lets Encrypt check the /home/admin/conf/web directory. The following cert files should be present in it:

ssl.sm.webscraping.pro.ca
ssl.sm.webscraping.pro.crt
ssl.sm.webscraping.pro.key
ssl.sm.webscraping.pro.pem

Besides, the file sm.webscraping.pro.httpd.ssl.conf in the same directory has the following content:

<VirtualHost 185.221.154.249:443>
    ServerName sm.webscraping.pro
    ServerAdmin info@sm.webscraping.pro
    DocumentRoot /home/admin/web/sm.webscraping.pro/public_html
    
    ScriptAlias /cgi-bin/ /home/admin/web/sm.webscraping.pro/cgi-bin/
    Alias /vstats/ /home/admin/web/sm.webscraping.pro/stats/
    Alias /error/ /home/admin/web/sm.webscraping.pro/document_errors/
    #SuexecUserGroup admin admin
    CustomLog /var/log/httpd/domains/sm.webscraping.pro.bytes bytes
    CustomLog /var/log/httpd/domains/sm.webscraping.pro.log combined
    ErrorLog /var/log/httpd/domains/sm.webscraping.pro.error.log
    <Directory /home/admin/web/sm.webscraping.pro/public_html>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
        #php_admin_value open_basedir /home/admin/web/sm.webscraping.pro/public_html:/home/admin/tmp
        php_admin_value upload_tmp_dir /home/admin/tmp
        php_admin_value session.save_path /home/admin/tmp
    </Directory>
    <Directory /home/admin/web/sm.webscraping.pro/stats>
        AllowOverride All
    </Directory>
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /home/admin/conf/web/ssl.sm.webscraping.pro.crt
        SSLCertificateKeyFile /home/admin/conf/web/ssl.sm.webscraping.pro.key
        SSLCertificateChainFile /home/admin/conf/web/ssl.sm.webscraping.pro.ca

    <IfModule mod_ruid2.c>
        RMode config
        RUidGid admin admin
        RGroups apache
    </IfModule>
    <IfModule itk.c>
        AssignUserID admin admin
    </IfModule>

    IncludeOptional /home/admin/conf/web/shttpd.sm.webscraping.pro.conf*
</VirtualHost> 

We have to manually add values for the parameters:

SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile

as well as the path to the project directory, parameter DocumentRoot.

5. Additional

Beside the /home/admin/conf/web/sm.webscraping.pro.httpd.ssl.conf file we’ve earlier set up Virtual Hosts where paths to the SSL cert files are also used for https (port 443):

/etc/httpd/conf/httpd.conf

 <VirtualHost *:80>
  DocumentRoot /home/admin/web/sm.webscraping.pro/public_html/public
  ServerName sm.webscraping.pro 
</VirtualHost>

<VirtualHost *:443>
  ServerName sm.webscraping.pro
  DocumentRoot /home/admin/web/sm.webscraping.pro/public_html/public

  SSLEngine On
  SSLCertificateFile /etc/dehydrated/certs/sm.webscraping.pro/cert.pem
  SSLCertificateKeyFile /etc/dehydrated/certs/sm.webscraping.pro/privkey.pem
  SSLCertificateChainFile /etc/dehydrated/certs/sm.webscraping.pro/fullchain.pem
</VirtualHost>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.