Wesbytes Knowledge Base

Search our articles or browse by category below

How to use Let’s Encrypt on VerstaCP Login Panel (Port 8083)

Last modified: July 2, 2022
You are here:
Estimated reading time: 1 min

What is Let's Encrypt?

Launched on April 12, 2016, Let’s Encrypt is a certificate authority that offers free X.509 certificates for Transport Layer Security (TLS) encryption through an automated process. This process is intended to replace the lengthy and labor-intensive manual process currently involved in the creation, validation, signing, installation, and renewal of certificates for secure websites.

Steps To Use Let’s Encrypt On Vesta Login Panel

  1. Firstly, login to VestaCP’s admin panel installed on your Linux Server using the hostname along with port 8083 in front of it like this https://server1.demo.com:8083

  2. Then, navigate to the WEB section of VestaCP and locate your server’s hostname and then click on EDIT.

  3. Now locate SSL Support and Let’s Encrypt Support and make sure you check both of them. Then click on Save.

    Note
    : DO NOT CLICK ANYWHERE TILL THE PROCESS IS DONE OR LET’S ENCRYPT MIGHT FAIL TO CREATE THE CERTIFICATE

  4. After that, Let’s encrypt creates and stores its SSL certs in /home/username/conf/web
    And lists them as :-

    ssl.website.crt
    ssl.website.key

    Whereas VestaCP control panel stores its hostname SSL certs in /usr/local/vesta/ssl
    And lists them as:

    certificate.crt
    certificate.key

    So, we need to rename the old VestaCP cert files first to some dummy text so that VestaCP no longer use them and then Symlink the files. Please follow the next steps to know how to do this.

  5. SSH into your server and enter these two commands to rename the old files :-

    mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt
    mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key

     

  6. Next, create symlinks to point to the new ones (Replace admin with your admin username and server1.casbay.com with your server’s hostname (FQDN).
     
    ln -s /home/admin/conf/web/ssl.server1.casbay.com.crt /usr/local/vesta/ssl/certificate.crt
    ln -s /home/admin/conf/web/ssl.server1.casbay.com.key /usr/local/vesta/ssl/certificate.key

     

  7. Restart VestaCP.

    service vesta restart

     

  8. Lastly, clear your browser cache and then try logging in to your control along with port 8083 and Bingo, port 8083 is now SSL secure!

Broken Permissions Solution

To fix broken permissions, enter the following commands.

Replace your.adminpanel.com with your admin panel’s URL.

chgrp mail ssl.your.adminpanel.com.key

chmod 660 ssl.your.adminpanel.com.key

chgrp mail ssl.your.adminpanel.com.crt

chmod 660 ssl.your.adminpanel.com.crt

Was this article helpful?
Dislike 0
Views: 10