Installing Comodo SSL on VestaCP
A tutorial with pics on how to correctly install and set up a Comodo PositiveSSL certificate for your website or blog hosted on a VestaCP server. This is a complete step-by-step guide covering buying a certificate, issuing it, and installing it on VestaCP so your website is accessible via the https:// protocol. Using SSL is said to increase not just security but also SEO ranking, especially after Google announced that https:// is one of the many factors considered in ranking position.
What is Comodo PositiveSSL?
PositiveSSL by Comodo is a strong SSL certificate suitable for general websites, blogs, and even Facebook apps. PositiveSSL provides low-cost, fast, automated online validation: no paperwork, no faxes, no delay. The SSL certificate also comes with industry-standard 2048-bit digital signatures and 99.9% browser recognition. It means all modern web browsers on any device will recognize the certificate (except the 0.1% that’s probably using a very ancient PC).
Some tech specs of Comodo PositiveSSL:
- 1 domain per certificate
- Including www and non-www
- Domain validation
- $10,000 warranty
- Free unlimited reissues
- 99.9% browser support
- 2048 – 4096-bit key length
- up to 256-bit encryption
For your information, 128- to 256-bit certificates are nearly impossible to crack. But if some evil genius decrypts your SSL and steals the data transmitted via the secure connection (a password or a client’s credit card, for instance), Comodo will pay warranty compensation to the victim of such fraud.
PositiveSSL from Comodo validates that your domain belongs to you. For many companies, this effective basic SSL certificate offers perfectly adequate protection. A PositiveSSL tells people that your site belongs to a real company and that their data is secure. Pricey certificates are targeted at companies with large budgets. They require complicated legal verification procedures and operation history that are just excessive for someone who needs a simple SSL for a Facebook app or login page. As your business expands, you may need more in-depth validation to increase customer trust, but a PositiveSSL certificate is ideal for start-ups or businesses that don’t exchange highly sensitive data.
Obtaining PositiveSSL
Buying Comodo PositiveSSL from its official website is very expensive, while many big resellers offer cheaper, discounted prices. You can use Google, Bing or your favorite search engine to look for SSL promos. In this example, I’ll show you how to get a cheap yearly PositiveSSL from SSLs.com, a sister company of Namecheap.com.
Step 1 – Go to https://www.ssls.com.
Step 2 – Click on the “Add to cart” button in the PositiveSSL box:
Step 3 – Then click the Cart button in the top right corner of the page to see that your SSL order has been placed in the shopping cart.
Step 4 – On the next page you can review your order. Once everything is correct, simply hit the Checkout button.
Step 5 – Now enter your email address to sign up for an account at SSLs.com.
Step 6 – After clicking the “Yep, I’m Done” button, you’ll be redirected to the next checkout page, where you have to enter a few details about yourself, including name, phone number, email and the password used to log in to your SSLs account. Finally, hit the orange “Go To Payment” button.
Step 7 – In the next page, choose which payment method you want to use: Credit card, Paypal, Bitcoin or account funds.
Step 8 – Make payment!
Step 9 – Once done, you’ll go back to SSLs page with your order number displayed along with the activation button.
Generating SSL Certificate
Step 10 – Now activate the SSL cert you’ve just ordered. This will depend on which registrar you bought the SSL from. If you bought it from SSLs.com just like me, simply click the orange Activate button.
Step 11 – In the next page, you have to enter your Certificate Signing Request (CSR) key.
Getting CSR Key on VestaCP
Step 12 – How to get your server’s CSR key on Vestacp? It’s simple. Follow these steps:
Step 12.a. – Login to your VestaCP management panel via https://server-ip:8083
Step 12.b. – Then go to Web > your domain.tld > Edit.
Step 12.c. – Then in the next page you have to enable the SSL Support option.
Step 12.d. – Then click the Generate CSR link and a new browser window / tab will open.
Step 12.e. – Go to that new window / tab and fill in all required fields. Make sure you use a working email address. UK citizens have to enter GB as the 2-letter country code, not UK. Once done, hit the OK button.
Step 12.f. – You’ll then get the generated CSR key along with an SSL Certificate and an SSL RSA Private Key. Of these, you’ll use only the CSR and the RSA Private Key.
Step 13 – Copy the CSR key you generated in VestaCP, paste it into your PositiveSSL provider’s form (SSLs.com in my case) and hit the Read CSR button.
Step 14 – SSLs.com will read your CSR key and display it on the next page, which you can review. Once everything looks OK to you, click the Looks Good, Onward button.
Step 15 – SSLs.com will then remind you that the certificate you bought will work on both www and non-www version of your domain. Simply click the Onward button again.
Step 16 – It will then ask you to confirm that the domain you are requesting the SSL certificate for is really owned by you. There are two domain confirmation methods: by email or by uploading a file. You can choose whichever you prefer, but the email method is my favorite.
Step 17 – Once you have clicked the Got It, Onward button, you’ll be redirected to another page where you have to fill in some details again.
Once done, click the Onward button again. You’ll then see a page similar to this:
Step 18 – Now upload the given file or check your email inbox to proceed with the confirmation process. If you are using the email confirmation method, confirm your email by entering the given validation code.
Entering validation code at Comodo website (clicked the browse here link).
Step 19 – Now wait a few minutes (about 1 – 3 minutes), then double-check your inbox, because the certificate file will be sent directly to your email. It should look like this:
Step 20 – Download the attached .zip file to your local drive. The file name should be domainname_tld.zip.
Step 21 – Open that file using either Winrar or Winzip or simply extract its content and you’ll get 4 (four) files which are: domainname_tld.crt, COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, and AddTrustExternalCARoot.crt.
Step 22 – Now you have to open each file and copy – paste its content to corresponding field in VestaCP. Here’s the main rule:
SSL Certificate: domainname_tld.crt
SSL Key: the SSL Key that you created during CSR generation in Vesta
SSL Certificate Authority / Intermediate: use the other three certificates sent by Comodo, in this order:
1- COMODORSADomainValidationSecureServerCA.crt
2- COMODORSAAddTrustCA.crt
3- AddTrustExternalCARoot.crt
I’ll show you in the next steps:
Step 23 – Open the domainname_tld.crt file using your favorite text editor like Notepad, Sublime or Notepad++, etc. In my case I simply use built-in Winrar Text Viewer feature. Copy all of its content and never add or remove any part of it.
Then go back to the VestaCP management panel and paste the SSL certificate into the SSL Certificate field.
Step 24 – Now go back to the other VestaCP page where you generated the CSR key previously. Copy the SSL Key content:
Then paste the copied SSL Private Key into the SSL Key field in the previous tab.
Step 25 – Open the COMODORSADomainValidationSecureServerCA.crt file then copy – paste its content to the SSL Certificate Authority / Intermediate field.
Step 26 – Open the COMODORSAAddTrustCA.crt file then copy – paste its content to the SSL Certificate Authority / Intermediate field right after the copied COMODORSADomainValidationSecureServerCA.crt.
Step 27 – Open the AddTrustExternalCARoot.crt file then copy – paste its content to the SSL Certificate Authority / Intermediate field right after the copied COMODORSAAddTrustCA.crt.
Step 28 – Finally, hit the Save button and you’ll see something like this:
The Changes have been saved message indicates that everything is fine. Otherwise you’ll get an error message.
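The field mapping from Steps 22 to 27 can be checked on the command line before saving. The script below is an added example, not part of the original tutorial or of VestaCP; it assumes the `openssl` CLI is installed, its function names are hypothetical, and the demo chain it can generate is constructed throwaway data.

```sh
# Added example: pre-flight checks for the files pasted into VestaCP's SSL fields.
# Function names are hypothetical. Name chaining only, no signature verification.

# 0 if the private key (SSL Key) and certificate (SSL Certificate) hold the
# same public key; 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Print the "subject" or "issuer" name ($1) of certificate $2, label stripped.
cert_name() {
    openssl x509 -in "$2" -noout -nameopt RFC2253 "-$1" 2>/dev/null | sed 's/^[a-z]*= *//'
}

# 0 if each certificate is issued by the next one, i.e. the files are given in
# paste order: domain cert, intermediates, root. Reports the first break.
chain_in_order() {
    prev=$1; shift
    for next in "$@"; do
        issuer=$(cert_name issuer "$prev")
        if [ -z "$issuer" ] || [ "$issuer" != "$(cert_name subject "$next")" ]; then
            echo "order break: $prev is not issued by $next" >&2
            return 1
        fi
        prev=$next
    done
}

# Constructed sample input: throwaway root -> inter -> leaf chain in directory $1.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    for pair in inter:root leaf:inter; do
        c=${pair%%:*}; p=${pair##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $c" \
            -keyout "$d/$c.key" -out "$d/$c.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$c.csr" -days 1 -CA "$d/$p.crt" \
            -CAkey "$d/$p.key" -CAcreateserial -out "$d/$c.crt" 2>/dev/null || return 1
    done
}

# With arguments, check real files: key, domain cert, then CA files in order.
if [ "$#" -ge 3 ]; then
    key=$1; shift
    key_matches_cert "$key" "$1" && chain_in_order "$@" && echo "OK"
fi
```

To check real files, save the SSL Key to a file readable only by you and pass it first, followed by domainname_tld.crt and the three CA files in the order given in Step 22.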
Step 29 – Now open up your web browser and open your website via https:// protocol and in the address bar you’ll see something like this (in Firefox)
Step 30 – Optionally, if you are using WordPress, search for an SSL plugin to redirect all requests to SSL. One of the best and simplest that really works is the Really Simple SSL plugin.
Not using WordPress? You can simply add the rules below to your .htaccess file to do a 301 redirect from http to https:
    # Send every plain-http request to the same host and path over https (permanent redirect)
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
That’s all. I hope you like it. Please do not hesitate to drop a comment below if you’ve found any part of those steps above that you don’t quite understand.
In my own experience, I always get a B rating in the SSLLabs.com test. That’s understandable because I installed Comodo PositiveSSL on VestaCP with 1 IP (shared with other domains), while normally (recommended) SSL can only be installed on a domain with a dedicated IP. But thanks to the Server Name Indication (SNI) technology implemented in VestaCP, users can now use SSL without requiring a dedicated IP. The main disadvantage of SNI is the fact that it is not compatible with:
- Windows XP + any version of Internet Explorer (6, 7, 8, 9)
- Internet Explorer 6 or earlier
- Safari on Windows XP
- BlackBerry Browser
- Windows Mobile up to 6.5
- Nokia Browser for Symbian at least on Series60
- Opera Mobile for Symbian at least on Series60
So it is recommended to assign a dedicated IP to the domain you wish to install SSL on.
How to activate Comodo SSL using CWP (CentOS Web Panel)
next article maybe 🙂
Fabulous work. I wish I could have found your article a few months back. You’ve detailed every single step to install an SSL cert on the Vesta control panel. Thanks to the support team at cheapsslshop.com, who helped me to install the cert on my server. I couldn’t have succeeded without their help. But your article really makes sense to read when troubleshooting an installation. Thanks!
Thanks for your tutorial Mom, I have installed Comodo SSL with VestaCP. But I have a little trouble: “Can’t connect to domain over https”
Not sure what’s going on here, after enabling SSL for the domain browsers just simply don’t connect to https.
http works just fine.
Unable to connect
Firefox can’t establish a connection to the server.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
For example, if there are 3 domains in VestaCP and one of them has SSL installed, can that be used? Bearing in mind that SSL has to be used on a domain with a dedicated IP (unless the server supports SNI).
Yes. VestaCP already supports SNI. Tried on my RamNode VPS.
I tried to install and followed exactly the same steps.. and I manually verified via SSH into this directory /home/admin/conf/web/
It has 4 SSL related files
1) ssl.mydomain.net.ca = All bundle file/certificate
2) ssl.mydomain.net.key = RSA private key from 3rd box on vestacp
3) ssl.mydomain.net.crt = this contains the certificate generated from SSL provider by entering the vestacp CSR value.
4) ssl.mydomain.net.pem = looks similar to bundle certificate
But whenever and from Vestacp check-marked on SSL and location public_html/ set
and the CMS is Ecommerce Magento.
when I’m opening the site without SSL like http://www.mydomain.net/ it’s opening the same unsecured page
and when I’m opening with the SSL link https://www.mydomain.net/ it’s showing an error
i.e Unable to Connect. on both URLS https://www and https:// without www.
I’m sure there must be something to set inside the apache.conf or sapache.conf
1 more thing: I’m using the default template.. NO nginx enabled for this site mydomain.net
Let me know You or someone can help me out with this thanks.
Well, I’m not quite sure about Magento (in WordPress I can simply use an SSL plugin), but the basic concept is simple: you still need to add a redirection to redirect http to https.
Without enabling nginx support, the SSL or secure website gives an Unable to Connect error, but when I enabled nginx support it successfully opens the secured website. That means SSL works if nginx is enabled. Help me with which settings in the server-side files to change so SSL works both with and without nginx support. Thanks
Hi Mom,
After installing the ssl on the domain the email is not working anymore. Can you please let me know how to fix it?
Yes, my email also kind of stopped working after adding SSL on vesta