Hestia CP - this is one of the most popular, simple and convenient panels for managing sites, with its help you can add new sites, work with mail and databases, Cron, updates, file manager, the ability to add SSL.

file

Creating a self-signed certificate with openssl

Generate a self-signed certificate:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'

Options that you might want to change while creating the self-signed certificate:

Option Description
-newkey rsa:4096 Create a 4096-bit RSA key.
-keyout key.pem Save the key to a key.pem file.
-out cert.pem Save the certificate in the cert.pem file.
-nodes Do not protect the private key with a password.
-days 365 The number of days the certificate is valid.
-subj '/CN=localhost' Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name.
root@dsde949-22869:~# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=mecmep.site'  
Generating a RSA private key  
...................................++++
......................................................................................................++++
writing new private key to 'key.pem'  

Configuring SSL certificate in Hestia CP

To configure the SSL certificate go to the tab WEB

Select the desired site for editing

file

In the new window, find SSL Support enter data from the certificate you created with openssl or create a new request as described below.

file

When placing an order for a certificate, you need to Generate CSR Request to do this, a new window will open where you need to enter your domain details.

file

You will get three variables:

  • SSL CSR request
  • SSL certificate
  • SSL certificate key

Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.

After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:

  • domain_com.crt
  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

You need to open these ssl-certifications in notepad and then sequentially add the contents of files on the page of domain editing:

  • SSL certificate → insert code from file domain_com.crt
  • ** SSL certificate key → paste the code that we have generated by clicking the link Generate CSR Request**
  • Certification Center SSL / Intermediate → insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.

file

Saving the changes.

Check the checkbox to force redirect HTTP-to-HTTPS.

You can check if the certificate is installed correctly using this service.


If you have any difficulties in configuration or have any additional questions, you can always contact our support service via ticket system.

Updated Nov. 23, 2021