Create a self-signed certificate using openssl.

Generate a self-signed certificate:
``.shell
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'

Options that you might want to change while creating the self-signed certificate:  

| Option | Description |
| ----------- | ----------- |
| -newkey rsa:4096 | Create a 4096-bit RSA key. | 
| -keyout key.pem | Save the key to a key.pem file. | 
| -out cert.pem | Save the certificate in the cert.pem file. | 
| -nodes | Do not protect the private key with a password. | 
| -days 365 | The number of days the certificate is valid. | 
| -subj '/CN=localhost' | Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name. | 

----------------

Configuring SSL certificate in VestaCP  

To configure the SSL certificate go to the tab **"WEB "**  

Press **"Edit "** button on **the desired site**  

![file](/media/article/img/%D0%9C%D0%B5%D0%BD%D1%8E_494_3.png)

In the new window find **"SSL Support "** enter data from the certificate you created with **openssl** or create a new request as described below  

![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_499.png)


When placing an order for a certificate, you have to **"Generate a CSR Request "** to do this, a new window will open where you have to enter your domain details.  

![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_498.png)

you get three variables.  

* SSL CSR request
* SSL certificate
* SSL certificate key

Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.  

After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:  

* domain_com.crt
* AddTrustExternalCARoot.crt
* COMODORSAAddTrustCA.crt
* COMODORSADomainValidationSecureServerCA.crt

These ssl-certifications you need to open in notepad and then sequentially add the contents of files on the page of domain editing:  

* SSL certificate → insert code from file domain_com.crt
* SSL certificate key → paste the code that was generated when you clicked on the "Generate CSR request" link
* Certificate Authority SSL / Intermediate -> insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.


![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_496_1.png)

Saving changes.  

------------------------

It remains only to register redirects from http to https in the file **.htaccess** in the directory of your site, add lines in it:  

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
```

That's it, now you will have https

You can check if your certificate is installed correctly using this [service] (https://www.sslshopper.com/ssl-checker.html).

Updated April 13, 2020