Setting up SSL in VestaCP
The process of installing an SSL certificate in VestaCP is relatively straightforward.
- Log in to the control panel under the user from whom the domain was added.
- Go to the WEB section, find the domain, and select Edit.
Keep in mind that if you're using a Cyrillic domain, for proper issuance of the SSL certificate, the domain must be added in Cyrillic format in the panel, not in punycode format.
- In the editing window, find the SSL Support option and set it to "Enabled".
- Then, an additional form will open:
- If you want to create a Let's Encrypt certificate, check the Let's Encrypt Support option and then click Save at the bottom of the page (please wait, this process may take a few minutes). The certificate will be automatically created within a few minutes.
Also, to create a Let's Encrypt certificate, you need to create a user to be used for this operation. In the server console in the control panel or when connecting via SSH, run the following command:
v-add-letsencrypt-user USERNAME E-MAIL- Replace USERNAME with your login used to access VestaCP and E-MAIL with your contact address.
After successfully creating the certificate, it will be available at /home/admin/conf/web. - If you prefer to use your own certificate, fill in the respective fields with the data and then click Save:
- SSL Certificate — certificate content.
- SSL Certificate Key — private key content.
- SSL Certification Authority/Intermediate — the chain of certificates used to sign this certificate (usually a file from the certification authority email with the extension .ca-bundle).
- If you plan to purchase an SSL certificate, you can generate a CSR (certificate signing request) using VestaCP:
- Click on the Generate CSR request link.
- Enter the required information in the new window and click OK.
- Use the obtained CSR request when purchasing the certificate.
- Save the certificate key on your computer as it will be required for installation upon receiving the SSL certificate.
