Fix VestaCP Admin Panel SSL Certificate Error

VestaCP is an open source free web hosting control panel alternative to cPanel which also has built in features for hosting Websites, Emails, Databases, DNS, SSL Encryption and many more.

OVERVIEW OF THE ISSUE

You can generate Lets Encrypt SSL certificate by VestaCP for the Web Domain used for the VestaCP Admin Panel for free. But you will see the SSL warning, although you have successfully generated it. I will walk you through the steps to fix this issue.

Not secure

First login to the VestaCP Admin Panel with admin credentials. Then navigate to WEB section and edit the Domain used for the VestaCP Admin Panel. You will see that the Domain has enabled with Lets Encrypt SSL certificate.



FIX FOR THE ISSUE

SSH to your VestaCP server. Then navigate to the directory /home/admin/conf/web. Generated SSL files for the Domain can be found in this directory with the file names started with ssl.[Domain].crt and ssl.[Domain].key.

But the VestaCP Admin Panel content is served from the directory path /usr/local/vesta/ and its default SSL certificate files certtificate.crt and certificate.key are serving from the directory /usr/local/vesta/ssl. Now this is the issue we are experiencing as the default SSL certificate has not been generated from valid certificate authority. So we need to replace these default SSL certificate with the files we have generated from the Lets Encrypt support.

In order to fix this rename the default ssl certificate files certtificate.crt and certificate.key as certtificate.crt_old and certificate.key_old.

Now copy same generated valid certificate files ssl.[Domain].crt and ssl.[Domain].key from /home/admin/conf/web to /usr/local/vesta/ssl. Then rename those as certtificate.crt and certificate.key.

cd /usr/local/vesta/ssl
mv certificate.crt certificate.crt_old
mv certificate.key certificate.key_old
cp /home/admin/conf/web/ssl.[Domain].crt /usr/local/vesta/ssl/certificate.crt
cp /home/admin/conf/web/ssl.[Domain].key /usr/local/vesta/ssl/certificate.key

Finally, restart the VestaCP service executing the command.

/etc/init.d/vesta restart

Now open the web browser and browse the VestaCP Admin Panel URL again. You will see the VestaCP Admin Panel certificate warning issue is now fixed and valid SSL certificate is in placed.

Please note Lets Encrypt certificate is valid for 3 months and you will have to copy the updated file accordingly or add a symbolic links as “Mike Flowers” suggested in the comment section.

That’s it. 😉

Rating: 4.2/5. From 6 votes.
Please wait...

You may also like...

5 Responses

  1. Mark says:

    Great Fix. After copying the files also restart dovecot to fix IMAP & SMTP certificate errors

  2. Mike Flowers says:

    why not use symbolic links so that the cert does not need copying every 3 months? In Ubuntu
    ln -s /home/admin/conf/web/domain.key /usr/local/vesta/ssl/certificate.key
    ln -s /home/admin/conf/web/domain.crt /usr/local/vesta/ssl/certificate.crt

    • Charitha Buddhika says:

      Yes. you can add a symbolic links as well. I have modified the post with your suggestion. Thank you Mike

  3. Thank you very much. This tutorial help fix the SSL issue on my VestaCP admin panel, although quick question, do I have to do this every three months or will the SSL certificate get renewed automatically if there is a CRON Job to reissue the SSL certificate every three months?

Leave a Reply

Your email address will not be published. Required fields are marked *

Fix VestaCP Admin Panel SSL Certificate Error

time to read: 2 min
5