Fix VestaCP Admin Panel SSL Certificate Error

VestaCP is an open source free web hosting control panel alternative to cPanel which also has built in features for hosting Websites, Emails, Databases, DNS, SSL Encryption and many more.

OVERVIEW OF THE ISSUE

You can generate Lets Encrypt SSL certificate by VestaCP for the Web Domain used for the VestaCP Admin Panel for free. But you will see the SSL warning, although you have successfully generated it. I will walk you through the steps to fix this issue.

Not secure

First login to the VestaCP Admin Panel with admin credentials. Then navigate to WEB section and edit the Domain used for the VestaCP Admin Panel. You will see that the Domain has enabled with Lets Encrypt SSL certificate.



FIX FOR THE ISSUE

SSH to your VestaCP server. Then navigate to the directory /home/admin/conf/web. Generated SSL files for the Domain can be found in this directory with the file names started with ssl.[Domain].crt and ssl.[Domain].key.

But the VestaCP Admin Panel content is served from the directory path /usr/local/vesta/ and its default SSL certificate files certtificate.crt and certificate.key are serving from the directory /usr/local/vesta/ssl. Now this is the issue we are experiencing as the default SSL certificate has not been generated from valid certificate authority. So we need to replace these default SSL certificate with the files we have generated from the Lets Encrypt support.

In order to fix this rename the default ssl certificate files certtificate.crt and certificate.key as certtificate.crt_old and certificate.key_old.

Now copy same generated valid certificate files ssl.[Domain].crt and ssl.[Domain].key from /home/admin/conf/web to /usr/local/vesta/ssl. Then rename those as certtificate.crt and certificate.key.

cd /usr/local/vesta/ssl
mv certificate.crt certificate.crt_old
mv certificate.key certificate.key_old
cp /home/admin/conf/web/ssl.[Domain].crt /usr/local/vesta/ssl/certificate.crt
cp /home/admin/conf/web/ssl.[Domain].key /usr/local/vesta/ssl/certificate.key

Finally, restart the VestaCP service executing the command.

/etc/init.d/vesta restart

Now open the web browser and browse the VestaCP Admin Panel URL again. You will see the VestaCP Admin Panel certificate warning issue is now fixed and valid SSL certificate is in placed.

Please note Lets Encrypt certificate is valid for 3 months and you will have to copy the updated file accordingly or add a symbolic links as “Mike Flowers” suggested in the comment section.

That’s it. 😉

You may also like...

15 Responses

  1. Mark says:

    Great Fix. After copying the files also restart dovecot to fix IMAP & SMTP certificate errors

  2. Mike Flowers says:

    why not use symbolic links so that the cert does not need copying every 3 months? In Ubuntu
    ln -s /home/admin/conf/web/domain.key /usr/local/vesta/ssl/certificate.key
    ln -s /home/admin/conf/web/domain.crt /usr/local/vesta/ssl/certificate.crt

  3. Thank you very much. This tutorial help fix the SSL issue on my VestaCP admin panel, although quick question, do I have to do this every three months or will the SSL certificate get renewed automatically if there is a CRON Job to reissue the SSL certificate every three months?

  4. Padam Shankhadev says:

    How to fix ssl error in /mail and /phpmyadmin url too ?

  5. Surya says:

    Thanks a ton.. it helped..

  6. Tj says:

    Hello thank you for this post but i have something strange happened to me after installing ssl for my domain suddenly i cant login to ftp users i only can enter with the ftp user “root” i chcked ftp users i even created new ftp users via vesta and still cant connect i tried both ftp sftp everything

  7. Tj says:

    sorry for the replies but i checked the passwrd file and it contains the ftp user but its not connecting it says 530 incorrect

    • Charitha Buddhika says:

      It looks that the FTP ports have not allowed from your firewall. Please allow inbound firewall ports 20,21,12000-12100 and try to connect. Thanks

  8. I take a look and seem we can config it in web interface now. You can try take a look in: Server – Configure – Vesta SSL.

Leave a Reply

Your email address will not be published. Required fields are marked *