How to Install Let’s Encrypt Certificate on VestaCP
| |Here’s how you can install and setup properly free SSL certificate on VestaCP from Let’s Encrypt which I believe it is the easiest way so far. Before we take steps a little further, let’s firstly take a look on what Let’s Encrypt is. For you who didn’t know it yet, Let’s Encrypt is a new certificate authority providing free SSL certificate for any websites. The project was started in 2012 by two Mozilla employees, Josh Aas and Eric Rescorla, together with Peter Eckersley at the Electronic Frontier Foundation and J. Alex Halderman at the University of Michigan. Since May 2013, Internet Security Research Group incorporated the project.
Shortly saying, Let’s Encrypt is one of valid certificate authorities but instead of having to pay, anyone can simply request the certificate free of cost. Yet the best part of all, anyone can simply request the certificate without having to register or filling any registration form. The process are done automatically and automagically via simple Linux command.
No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let’s Encrypt provides certificates for free, no need to arrange payment.
Installing free certificate from them is easy by following the procedure described in this page. But however for some people, the process is still painful. In fact, reading the “Getting Started” page itself is also painful for average webmasters who are not really a server admins. Furthermore, those who are using Vestacp might also be wondering how to integrate, setup and use free SSL certificate from Let’s Encrypt with Vestacp.
I do love Vestacp -I use it to run this blog- and I believe many users also use this magnificent free control panel. Thanks to Interbrite of the creation of a really useful script called letsencrypt-vesta. Made available on Github, the script helps Vestacp users to install Let’s Encrypt SSL certificate on their website painlessly. The script has been made to bridge the gap between Vesta’s certificate management and the Let’s Encrypt client. Shortly saying, using this tool will make it easy to setup the free SSL on any website of any user in Vestacp.
Prerequisites
- A SSH client like Bitvise or Putty and basic knowledge about how to use it.
- Basic knowledge about common Unix command to SSH to your server.
- A server or VPS with at least 512MB of RAM (1GB or more is recommended).
- Make sure your Vestacp server is installed and running on your server.
Read: How to install Vestacp - About 30 minutes of your time
- a cup of coffee or tea.
Confused on choosing which VPS provider to install VestaCP? Read my recommended VPS providers or top low end cloud server providers. Quick recommendation: Digital Ocean, Atlantic.net or Ramnode.
In this guide I’m using a 512MB RAM Cloud VPS from Digital Ocean running CentOS 7.2 x64. You can use steps below on Ubuntu and any CentOS version supported by Vestacp.
Steps To Setup Let’s Encrypt SSL
Step 0 – Install VestaCP on your server (read my previous tutorials). In this tutorial I use default Vesta CP configuration which is Nginx as frontend proxy to Apache. You can also use the same method on Vesta with Nginx + PHP-fpm configuration but there is a slightly different part.
Also, make sure you have set up at least a website / a domain to add the SSL on it. I assumed you have a websites(s) already before following this tutorial.
Step 1 – Login to your server via Putty (or any SSH client) as root or as user with root privilege (sudo).
Step 2 – Now go to the /usr/local directory:
cd /usr/local
Step 3 – Clone both the Let’s Encrypt client and this tool into that directory. This will then create two new directories, /usr/local/letsencrypt and /usr/local/letsencrypt-vesta.
git clone https://github.com/letsencrypt/letsencrypt.git git clone https://github.com/interbrite/letsencrypt-vesta.git
Just in case you got error: “git: command not found“, you should then firstly install Git on your server.
## CentOS yum install git -y ##Ubuntu apt-get install git -y
Step 4 – Next, create the “webroot” directory where Let’s Encrypt will write the files needed for domain verification.
mkdir -p /etc/letsencrypt/webroot
Step 5 – Now also symlink the Apache conf file in your Apache conf.d directory. This enables Apache to properly serve the validation files from the webroot directory above :
## CentOS ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf ## Ubuntu ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf
Step 6 – Symlink letsencrypt-auto and letsencrypt-vesta in /usr/local/bin for easier access. This allows them to be run without needing to know the full path to the programs :
ln -s /usr/local/letsencrypt/letsencrypt-auto /usr/local/bin/letsencrypt-auto ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta
Step 7 -Restart your webserver :
## CentOS service httpd restart ## Ubuntu service apache2 restart
Screenshot pic of Step 4 to 7 :
Step 8 – Well, that’s basically all the steps need to do. Now you can install Let’s Encrypt SSL certificate on any domain(s) of any user(s). The command is below:
letsencrypt-vesta username domain ## Example: letsencrypt-vesta admin servermom.xyz
You may notice that first time running the script it will do some initial setup work and try downloading and installing necessary dependencies like Phyton. Subsequent runs should be faster, as this setup is only needed once per server.
and once finished, you’ll see something similar to this :
You should pay attention more at this following detail:
One thing you should also know that Let’s Encrypt certificates expire every 90 days. It is recommended for you to renew them after 60 days. Simply run the same command to request new certificates and to renew previously installed certificates.
Also, there will be no additional setup at VestaCP end because the script has already done that for you. However, if your site doesn’t already have SSL support, then it will be enabled with public_html as the SSL home. Otherwise, the existing SSL certificate will be replaced with the one issued by Let’s Encrypt.
I also really suggest you to read the full documentation of the script at Github page. For instance if you want to install SSL on multiple Vesta users and websites then basic command is :
sudo letsencrypt-vesta [-m email] [-u] user1 [domainlist1] [...-u userN [domainlistN]]
Here’s how Mozilla Firefox recognizes the encryption :
Here’s the SSL test result by SSLlabs.com :
Final thought
Let’s Encrypt exists to provide free, automated, and open SSL certificate for any one and any website. I really like the fact that we don’t have to signup or to pay for something. On the other hand, like many other free certificates, it is only valid for 90 days which means renewal is compulsory.
Installing Let’s Encrypt is basically easy using its client script but integrating its to Vestacp is one thing. Thanks to Let’s Encrypt Vesta script by Interbrite that makes it easy to get the job done with less effort. However, since VestaCP itself does not include Let’s Encrypt as one of its features by default, so you may or may not expect some technical difficulties by the time Vesta updating its panel. But still, it is nice to have strong, valid and free SLL certificate to make the https:// version of your site. Moreover, Let’s Encrypt project is supported by many companies like Akamai, Mozilla, OVH, Facebook, Automattic, Sucuri, SiteGround, KeyCDN, Vultr, Chrome, Gandi and many more.
i really love this site.. thanks for the new post.. worth it.. i’m tring it now
please do this tutorial for cent os web panel and webuzo .
Very useful guide to install lets encrypt certificate. Help ful for both beginner and experts. We also really like the fact that we don’t have to signup or to pay for something.
Thank you for sharing. Keep share such kind of tutorials for readers it will provide better knowledage to readers.
As the author of letsencrypt-vesta, I wanted to thank you for this post. I’ve actually followed a handful of Servermom tutorials over the years and find the site to be informative and well written. In fact, I believe my decision to go with VestaCP as my current control panel of choice was made, in part, by a review I read on this site.
I wrote letsencrypt-vesta because I wanted an easy way to create and renew certificates on my sites. After reading someone’s “easy” 15-step process for installing Let’s Encrypt certs that was posted on the VestaCP forums, I figured that others would benefit from my tool as well, so I decided to share it. The community has, in turn, shared some great suggestions (such as support for multiple sites on one cert), which has made the tool even better.
Thank you again for helping to spread the word about letsencrypt-vesta. If you or your readers have any suggestions for improvements, I’d love to hear them.
You are welcome. I hope you can regularly maintain the script. Keep up the good work 🙂
It that possible to do a cron job for “automatic renewal” ?
I woul know anyway to create cron job as well. I’ve manage to get the command working. but it’s always different tham I commit the command directly.
Maybe put the command into a shell script file and then have VestaCP Cron execute the script file? I had to do this with an “outside of VestaCP” backup command. When I entered the command into VestaCP, it kept replacing elements of my command with the actual values derived at the time of defining the job in VestaCP. Executing the script file made it work without issue.
I’m facing the issue as “not valid user”. I entered valid vestacp user details. Please help 🙁
Be sure that you are running the script as root.
Thanks a lot! I tried and it’s worked
awesome..
really the best tutorial to follow.
Thank you sooo much ..
Excellent! It worked like a charm!
Now a question for you: How can I apply a Let’s Encrypt certificate to the VestaCP session itself? (ie. https://mysite:8083) That would complete things end-to-end.
Unfortunately it didn’t worked for me.i followed whole guide step by step but its not appearing on my server.
my website is : filescloud.co
you can try using https & its certificate isn’t valid i think.can you help me here ?
thanks
I have a NGINX only VestaCP installation. Does anyone know of a tutorial for VestaCP with NGINX only ?
Thanks,
Mike
Mike,
Check the readme file in the project. It has instructions for Nginx-only sites. It’s a little more complicated to set up, but not too bad.
I followed whole guide step by step without any errors , but its not working for my domain odinaev.ru
http://take.ms/CRL10
This worked perfectly for me. Thank you.
I would also like to have the vestacp email protected.
Have you been able to enable IMAP and SMTP under vestacp after installing the SSL cert on the website?
I’m getting this error:
/usr/local/bin/letsencrypt-vesta: line 64: /usr/local/vesta/bin/v-list-web-domains-alias: No such file or directory
/usr/local/bin/letsencrypt-vesta: line 224: /usr/local/certbot/certbot-auto: No such file or directory
I’ve installed VestaCP (Vesta with Nginx + PHP-fpm configuration tutorial).
i also have the same problem , Any help please .
i had same issue and it’s fixed after applying this solution :-
cd /usr/local
git clone https://github.com/certbot/certbot.git
To fix i
Ref :- https://github.com/interbrite/letsencrypt-vesta/issues/26
Yeah. It seems that the script has been updated and modified a little bit now
yeah may be in the next tutorial. Noted that for now
i have this error any help please :
/usr/local/bin/letsencrypt-vesta: line 64: /usr/local/vesta/bin/v-list-web-domains-alias: No such file or directory
/usr/local/bin/letsencrypt-vesta: line 224: /usr/local/certbot/certbot-auto: No such file or directory
Let’s encrypt returned an error status. Aborting.
git clone https://github.com/certbot/certbot.git
Thank me later 🙂
Please mom, give the way how to install lesencrypt with vestacp PHP-FPM as your guide http://servermom.wpengine.com/install-vestacp-nginx-php-fpm/3157/
I have try tutorial above, but stuct in step 5. I have try by myself but still cant fine the solution.
thanks you mom..
For those getting the v-list-web-domains-alias issue, please be patient. Vesta removed that command in the latest update, breaking the letsencrypt-vesta script. I hope to have a fix rolled out this weekend, as soon as a finish up some testing.
Hello first thanks for such a nice script.
I am getting an problem,with above tutorial my ssl works perfect but when i restart my server so than ssl is not working and than again if i use this “letsencrypt-vesta admin mydomain.com” so than again ssl start works again .
But whenever i restart my server so i have to use above command to enable ssl on my website so is there any solution for this.
Best Regards
Shahroz
The script have been updated 6 days ago, it will be nice to update the tutorial
https://github.com/interbrite/letsencrypt-vesta
VestaCP has included the CLI command to crate FREE SSL certificates.
The SSL generated with Let’s Encrypt will expire on 3 months but vesta renew it every 2 Month so your SSL never will be expired.
the CLI command is: v-add-letsencrypt-domain admin my_domain.com
for some reason Vesta not include easy GUI where regular peoples can generate SSL.
Hello, can somebody post tutorial ?
Thanks for such a nice tutorial
If i installed this on my domain.com and now my subdomain is hosted on another server so is there any way to use same certificate on that subdomain too ?
Or do i need to install certificate again on that server where my subdomain is hosted?
Thanks
Sorry for again comment but also this is not working on a subdomain i mean when i try to install this for a subdomain on a different server so its not installed.
Please let me know how t install this on a subdomain Thanks
Have you tried auto encrypt by using this? https://github.com/interbrite/letsencrypt-vesta
hello friend
in the first time works fine, and tomorrow the in command won’t work
letsencrypt-vesta admin servermom.xyz
and error message is
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
how to fix this?
sorry, this article is a bit outdated. Will write for the new one soon
I got an error
Fix error: Error: SSL=no doesn’t exist
I fix it. I went to VestaCP control panel, go through each website and click SSL support & Letsencrypt Support and then click save. I SSH to the server and do the command #letsencrypt-vesta username domain
The letsencrypt repo has now been replaced with certbot repo
https://github.com/certbot/certbot.git