Create a self-signed certificate using openssl.

    Generate a self-signed certificate:
    ``.shell
    $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'

    Options that you might want to change while creating the self-signed certificate:  
    
    | Option | Description |
    | ----------- | ----------- |
    | -newkey rsa:4096 | Create a 4096-bit RSA key. | 
    | -keyout key.pem | Save the key to a key.pem file. | 
    | -out cert.pem | Save the certificate in the cert.pem file. | 
    | -nodes | Do not protect the private key with a password. | 
    | -days 365 | The number of days the certificate is valid. | 
    | -subj '/CN=localhost' | Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name. | 
    
    ----------------
    
    Configuring SSL certificate in VestaCP  
    
    To configure the SSL certificate go to the tab **"WEB "**  
    
    Press **"Edit "** button on **the desired site**  
    
    ![file](/media/article/img/%D0%9C%D0%B5%D0%BD%D1%8E_494_3.png)
    
    In the new window find **"SSL Support "** enter data from the certificate you created with **openssl** or create a new request as described below  
    
    ![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_499.png)
    
    
    When placing an order for a certificate, you have to **"Generate a CSR Request "** to do this, a new window will open where you have to enter your domain details.  
    
    ![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_498.png)
    
    you get three variables.  
    
    * SSL CSR request
    * SSL certificate
    * SSL certificate key
    
    Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.  
    
    After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:  
    
    * domain_com.crt
    * AddTrustExternalCARoot.crt
    * COMODORSAAddTrustCA.crt
    * COMODORSADomainValidationSecureServerCA.crt
    
    These ssl-certifications you need to open in notepad and then sequentially add the contents of files on the page of domain editing:  
    
    * SSL certificate → insert code from file domain_com.crt
    * SSL certificate key → paste the code that was generated when you clicked on the "Generate CSR request" link
    * Certificate Authority SSL / Intermediate -> insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.
    
    
    ![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_496_1.png)
    
    Saving changes.  
    
    ------------------------
    
    It remains only to register redirects from http to https in the file **.htaccess** in the directory of your site, add lines in it:  
    
    

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    ```

    That's it, now you will have https

    You can check if your certificate is installed correctly using this [service] (https://www.sslshopper.com/ssl-checker.html).