Hestia CP - this is one of the most popular, simple and convenient panels for managing sites, with its help you can add new sites, work with mail and databases, Cron, updates, file manager, the ability to add SSL.
Creating a self-signed certificate with openssl
Generate a self-signed certificate:
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'
Options that you might want to change while creating the self-signed certificate:
| Option | Description |
|---|---|
| -newkey rsa:4096 | Create a 4096-bit RSA key. |
| -keyout key.pem | Save the key to a key.pem file. |
| -out cert.pem | Save the certificate in the cert.pem file. |
| -nodes | Do not protect the private key with a password. |
| -days 365 | The number of days the certificate is valid. |
| -subj '/CN=localhost' | Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name. |
root@dsde949-22869:~# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=mecmep.site'
Generating a RSA private key
...................................++++
......................................................................................................++++
writing new private key to 'key.pem'
Configuring SSL certificate in Hestia CP
To configure the SSL certificate go to the tab WEB
Select the desired site for editing
In the new window, find SSL Support enter data from the certificate you created with openssl or create a new request as described below.
When placing an order for a certificate, you need to Generate CSR Request to do this, a new window will open where you need to enter your domain details.
You will get three variables:
- SSL CSR request
- SSL certificate
- SSL certificate key
Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.
After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:
- domain_com.crt
- AddTrustExternalCARoot.crt
- COMODORSAAddTrustCA.crt
- COMODORSADomainValidationSecureServerCA.crt
You need to open these ssl-certifications in notepad and then sequentially add the contents of files on the page of domain editing:
- SSL certificate → insert code from file domain_com.crt
- ** SSL certificate key → paste the code that we have generated by clicking the link Generate CSR Request**
- Certification Center SSL / Intermediate → insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.
Saving the changes.
Check the checkbox to force redirect HTTP-to-HTTPS.
You can check if the certificate is installed correctly using this service.
If you have any difficulties in configuration or have any additional questions, you can always contact our support service via ticket system.