Configuring an SSL certificate in Vesta CP
Description of the procedure for setting up SSL certificates on a server with the Vesta control panel
Create a self-signed certificate using openssl.
Generate a self-signed certificate:
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'
Options that you might want to change while creating the self-signed certificate:
| Option | Description |
|---|---|
| -newkey rsa:4096 | Create a 4096-bit RSA key. |
| -keyout key.pem | Save the key to a key.pem file. |
| -out cert.pem | Save the certificate in the cert.pem file. |
| -nodes | Do not protect the private key with a password. |
| -days 365 | The number of days the certificate is valid. |
| -subj '/CN=localhost' | Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name. |
Configuring SSL certificate in VestaCP
To configure the SSL certificate go to the tab "WEB"
Press "Edit" button on the desired site
In the new window find "SSL Support" enter data from the certificate you created with openssl or create a new request as described below
When placing an order for a certificate, you have to "Generate a CSR Request" to do this, a new window will open where you have to enter your domain details.
you get three variables.
- SSL CSR request
- SSL certificate
- SSL certificate key
Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.
After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:
- domain_com.crt
- AddTrustExternalCARoot.crt
- COMODORSAAddTrustCA.crt
- COMODORSADomainValidationSecureServerCA.crt
These ssl-certifications you need to open in notepad and then sequentially add the contents of files on the page of domain editing:
- SSL certificate → insert code from file domain_com.crt
- SSL certificate key → paste the code that was generated when you clicked on the "Generate CSR request" link
- Certificate Authority SSL / Intermediate -> insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.
Saving changes.
It remains only to register redirects from http to https in the file .htaccess in the directory of your site, add lines in it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
That's it, now you will have https.
You can check if your certificate is installed correctly using this service.