Skip to main content

Apply SSL certificate by Let’s Encrypt to VestaCP

2 min read

We will continue to apply the certificate to VestaCP as well.

6. Apply SSL certificate by Let’s Encrypt to VestaCP

Login to VestaCP using your domain name with port 8083, and navigate to WEB section. Click EDIT next to your domain name.

Make sure that you checked both SSL support and Let’s Encrypt support as we mentioned in last tutorial.

Open the console and connect to your server using SSH. Go to the directory that Let’s encrypt creates and stores the SSL certificates, and list those certificates out.

$ cd /home/admin/conf/web
$ ls


You will see those files are named in your domain name. For example:

We need to backup the old VestaCP certificate files and create symlinks to those certs created by Let’s encrypt. Run the following commands (replace to your own domain name):

$ mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.crt.bak
$ mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate.key.bak
$ ln -s /home/admin/conf/web/ /usr/local/vesta/ssl/certificate.crt
$ ln -s /home/admin/conf/web/ /usr/local/vesta/ssl/certificate.key

Also, fix the file permission as we are no longer using the certificate provided by VestaCP. Run the commands below in the console window:

$ cd /home/admin/conf/web/
$ chgrp mail
$ chmod 660
$ chgrp mail
$ chmod 660


After that, restart VestaCP service on your server.

$ service vesta restart

Congratulations! Close the existing browser window and open a new one. Try to log in to the VestaCP again using your domain name with port 8083. You will see the Let’s encrypt certificate applied to the control panel!

This is the end of this series! Thanks for reading.

Series: Setup Ubuntu 16.04 LEMP server with VestaCP on GCE