Here’s how you can install and setup properly free SSL certificate on VestaCP from Let’s Encrypt which I believe it is the easiest way so far. Before we take steps a little further, let’s firstly take a look on what Let’s Encrypt is. For you who didn’t know it yet, Let’s Encrypt is a new certificate authority providing free SSL certificate for any websites. The project was started in 2012 by two Mozilla employees, Josh Aas and Eric Rescorla, together with Peter Eckersley at the Electronic Frontier Foundation and J. Alex Halderman at the University of Michigan. Since May 2013, Internet Security Research Group incorporated the project.
Shortly saying, Let’s Encrypt is one of valid certificate authorities but instead of having to pay, anyone can simply request the certificate free of cost. Yet the best part of all, anyone can simply request the certificate without having to register or filling any registration form. The process are done automatically and automagically via simple Linux command.
No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let’s Encrypt provides certificates for free, no need to arrange payment.
Installing free certificate from them is easy by following the procedure described in this page. But however for some people, the process is still painful. In fact, reading the “Getting Started” page itself is also painful for average webmasters who are not really a server admins. Furthermore, those who are using Vestacp might also be wondering how to integrate, setup and use free SSL certificate from Let’s Encrypt with Vestacp.
I do love Vestacp -I use it to run this blog- and I believe many users also use this magnificent free control panel. Thanks to Interbrite of the creation of a really useful script called letsencrypt-vesta. Made available on Github, the script helps Vestacp users to install Let’s Encrypt SSL certificate on their website painlessly. The script has been made to bridge the gap between Vesta’s certificate management and the Let’s Encrypt client. Shortly saying, using this tool will make it easy to setup the free SSL on any website of any user in Vestacp.
- A SSH client like Bitvise or Putty and basic knowledge about how to use it.
- Basic knowledge about common Unix command to SSH to your server.
- A server or VPS with at least 512MB of RAM (1GB or more is recommended).
- Make sure your Vestacp server is installed and running on your server.
Read: How to install Vestacp
- About 30 minutes of your time
- a cup of coffee or tea.
Confused on choosing which VPS provider to install VestaCP? Read my recommended VPS providers or top low end cloud server providers. Quick recommendation: Digital Ocean, Atlantic.net or Ramnode.
In this guide I’m using a 512MB RAM Cloud VPS from Digital Ocean running CentOS 7.2 x64. You can use steps below on Ubuntu and any CentOS version supported by Vestacp.
Steps To Setup Let’s Encrypt SSL
Step 0 – Install VestaCP on your server (read my previous tutorials). In this tutorial I use default Vesta CP configuration which is Nginx as frontend proxy to Apache. You can also use the same method on Vesta with Nginx + PHP-fpm configuration but there is a slightly different part.
Also, make sure you have set up at least a website / a domain to add the SSL on it. I assumed you have a websites(s) already before following this tutorial.
Step 1 – Login to your server via Putty (or any SSH client) as root or as user with root privilege (sudo).
Step 2 – Now go to the /usr/local directory:
Step 3 – Clone both the Let’s Encrypt client and this tool into that directory. This will then create two new directories, /usr/local/letsencrypt and /usr/local/letsencrypt-vesta.
git clone https://github.com/letsencrypt/letsencrypt.git
git clone https://github.com/interbrite/letsencrypt-vesta.git
Just in case you got error: “git: command not found“, you should then firstly install Git on your server.
yum install git -y
apt-get install git -y
Step 4 – Next, create the “webroot” directory where Let’s Encrypt will write the files needed for domain verification.
mkdir -p /etc/letsencrypt/webroot
Step 5 – Now also symlink the Apache conf file in your Apache conf.d directory. This enables Apache to properly serve the validation files from the webroot directory above :
ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf
ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf
Step 6 – Symlink letsencrypt-auto and letsencrypt-vesta in /usr/local/bin for easier access. This allows them to be run without needing to know the full path to the programs :
ln -s /usr/local/letsencrypt/letsencrypt-auto /usr/local/bin/letsencrypt-auto
ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta
Step 7 -Restart your webserver :
service httpd restart
service apache2 restart
Screenshot pic of Step 4 to 7 :
Step 8 – Well, that’s basically all the steps need to do. Now you can install Let’s Encrypt SSL certificate on any domain(s) of any user(s). The command is below:
letsencrypt-vesta username domain
letsencrypt-vesta admin servermom.xyz
You may notice that first time running the script it will do some initial setup work and try downloading and installing necessary dependencies like Phyton. Subsequent runs should be faster, as this setup is only needed once per server.
and once finished, you’ll see something similar to this :
You should pay attention more at this following detail:
One thing you should also know that Let’s Encrypt certificates expire every 90 days. It is recommended for you to renew them after 60 days. Simply run the same command to request new certificates and to renew previously installed certificates.
Also, there will be no additional setup at VestaCP end because the script has already done that for you. However, if your site doesn’t already have SSL support, then it will be enabled with public_html as the SSL home. Otherwise, the existing SSL certificate will be replaced with the one issued by Let’s Encrypt.
I also really suggest you to read the full documentation of the script at Github page. For instance if you want to install SSL on multiple Vesta users and websites then basic command is :
sudo letsencrypt-vesta [-m email] [-u] user1 [domainlist1] [...-u userN [domainlistN]]
Here’s how Mozilla Firefox recognizes the encryption :
Here’s the SSL test result by SSLlabs.com :
Let’s Encrypt exists to provide free, automated, and open SSL certificate for any one and any website. I really like the fact that we don’t have to signup or to pay for something. On the other hand, like many other free certificates, it is only valid for 90 days which means renewal is compulsory.
Installing Let’s Encrypt is basically easy using its client script but integrating its to Vestacp is one thing. Thanks to Let’s Encrypt Vesta script by Interbrite that makes it easy to get the job done with less effort. However, since VestaCP itself does not include Let’s Encrypt as one of its features by default, so you may or may not expect some technical difficulties by the time Vesta updating its panel. But still, it is nice to have strong, valid and free SLL certificate to make the https:// version of your site. Moreover, Let’s Encrypt project is supported by many companies like Akamai, Mozilla, OVH, Facebook, Automattic, Sucuri, SiteGround, KeyCDN, Vultr, Chrome, Gandi and many more.