How To Use Let’s Encrypt On VestaCP Login Panel (Port 8083)

Let’s Encrypt is a certificate authority, launched on April 12, 2016, that provides free X.509 certificates for Transport Layer Security (TLS) encryption. Its automated process is designed to eliminate the current complex manual process of creating, validating, signing, installing, and renewing certificates for secure websites.

Steps To Use Let’s Encrypt On Vesta Login Panel

Step 1 – Log in to VestaCP’s admin panel using the hostname followed by port 8083, like this: https://server1.demo.com:8083

Step 2 – Navigate to the WEB section of VestaCP, locate your server’s hostname, and then click on EDIT.

 

Step 3 – Now locate SSL Support and Let’s Encrypt Support and make sure you check both of them. Then click on Save. (DO NOT CLICK ANYWHERE TILL THE PROCESS IS DONE OR LETSENCRYPT MIGHT FAIL TO CREATE THE CERTIFICATE.)

 

Step 4 – Let’s Encrypt creates and stores its SSL certs in:

/home/username/conf/web

and lists them as:

ssl.website.crt
ssl.website.key

Whereas VestaCP control panel stores its hostname SSL certs in:

/usr/local/vesta/ssl

and lists them as:

certificate.crt
certificate.key

So we first need to rename the old VestaCP cert files to dummy names so that VestaCP no longer uses them, and then symlink the Let’s Encrypt files into their place. The next steps show how to do this.

Step 5 – SSH into your server and enter these two commands to rename the old files:

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key

 

Step 6 – Create symlinks that point to the new files. (Replace admin with your admin username and server1.flaunt7.com with your server’s hostname (FQDN).)

ln -s /home/admin/conf/web/ssl.server1.flaunt7.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.server1.flaunt7.com.key /usr/local/vesta/ssl/certificate.key

 

Step 7 – Restart VestaCP

service vesta restart

 

Step 8 – Clear your browser cache and then try logging in to your control panel on port 8083 and, bingo, port 8083 is now SSL secure!
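
To confirm the result of Steps 5 to 7 from the shell rather than only from the browser, the following added example (not part of the original post) checks that both symlinks resolve, that the certificate and private key belong together, that the certificate is not about to expire, and that the key is not world-readable. The function name check_panel_cert, its return codes and the file name check.sh are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the cert/key pair behind the panel symlinks.
# check_panel_cert and its return codes are names chosen for this example.
# Returns: 0 ok, 1 missing/unreadable, 2 cert/key mismatch,
#          3 expires within MIN_DAYS, 4 private key is world-readable.
check_panel_cert() {
    local crt="$1" key="$2" min_days="${3:-14}"
    local f crt_pub key_pub

    # [ -e ] follows symlinks, so a dangling link from Step 6 fails here.
    for f in "$crt" "$key"; do
        if [ ! -e "$f" ]; then
            echo "FAIL: $f is missing or a dangling symlink" >&2
            return 1
        fi
    done

    # The public key embedded in the certificate must equal the public key
    # derived from the private key, otherwise the panel cannot serve TLS.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match" >&2
        return 2
    fi

    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$crt" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 3
    fi

    # -L makes find test the link target; -perm -004 matches "other" read.
    if [ -n "$(find -L "$key" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
        echo "FAIL: private key is world-readable" >&2
        return 4
    fi
    echo "OK: $crt and $key match and are valid for at least $min_days days"
}

# Run directly (check.sh is a hypothetical file name), e.g.:
#   bash check.sh /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.key
if [ "$#" -ge 2 ]; then
    check_panel_cert "$@"
fi
```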

Broken Permissions Solution 

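To fix broken permissions, enter the following commands from the directory that holds the Let’s Encrypt files (/home/username/conf/web, as noted in Step 4).

Replace your.adminpanel.com with your admin panel’s hostname.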

chgrp mail ssl.your.adminpanel.com.key
chmod 660 ssl.your.adminpanel.com.key
chgrp mail ssl.your.adminpanel.com.crt
chmod 660 ssl.your.adminpanel.com.crt

Source and credit: https://blog.flaunt7.com