How to Install LetsEncrypt Trusted SSL Certificates on VestaCP

This tutorial will walk you through the process of installing LetsEncrypt free trusted SSL certificate on VestaCP hosted at DigitalOcean.

How to Install LetsEncrypt Trusted SSL Certificates on VestaCP

What is an SSL? SSL stands for Secure Socket Layer and its main purpose is to protect your sensitive information as it travels across the internet. By adding SSL to your website, your business will gain more trust from your customers as it kept all sensitive information safe from hackers.

Thank LetsEncrypt, they are offering free trusted certificates for websites. This tutorial will guide you how to install a free trusted certificate from LetsEncrypt on a VestaCP server.

Server Specification

Below is the information about our server configuration that hosted with a minimal server specification at DigitalOcean:

SpecificationInstallation Environment
Storage20 GB
OSUbuntu 15.10 x64
Control PanelVestaCP
VestaCP Web ServerNginx with Apache

LetsEncrypt Installation

Before you can obtain free certificates from LetsEncrypt, you will need to install the LetsEncrypt Client on your server first. On your computer, use any software or terminal to connect to your server and proceed the following steps:

Step 1: clone the installation script

Run the following command to download LetsEncrypt installation script on to your server /opt/share/

$ sudo git clone /opt/share/letencrypt

Step 2: Install all LetsEncrypt’s dependencies

Run letsencrypt-auto script resides in /opt/share/letsencrypt/ will installs all of its own dependencies and updates the client code automatically.

$ sudo /opt/share/letsencrypt/letsencrypt-auto --help

It will take a few minutes to download and install all dependencies. We use --help parameter here in order to prevent the script from displaying HTTPS Activation wizard because we will manually generate a certificate for a specific domain later.

Generate Certificate for your Website

After you have properly installed LetsEncrypt, now you can generate the certificate for any websites on your server. Here, we will generate a certificate for our website named

Note: make sure that you have already add to VestaCP and point and to your VestaCP server correctly.

Run the following command to generate a certificate for

$ /opt/share/letsencrypt/letsencrypt certonly --webroot -w /home/admin/web/ -d -d

Next, you will ask to enter an Email Address for key recovery:

Admin Email Address

Agree to the LetsEncrypt Terms of Service.

LetsEncrypt Agreement

Now, it will generate 4 files under /etc/letsencrypt/live/ as below:

  • cert.perm – will be used for SSL Certificate
  • chain.perm – will be used for SSL Certificate Authority / Intermediate
  • fullchain.perm
  • privkey.perm – will be used for SSL Key

Applying the Certificate on VestaCP

You have already generated all certificate information, now it’s time to apply the certificate to your website. To do so, you need to log into your VestaCP > WEB and click on EDIT

VistaCP > WEB >

Next, you will need to copy the content of the three generated certificates file by using cat command and paste them on to below textbox. Example:

$ cat /etc/letsencrypt/live/
$ cat /etc/letencrypt/live/
$ cat /etc/letencrypt/live/

Pasting Certificate Info

Click Save

VestaCP - Saving Web Setting Info

Access Your Website with HTTPS

After you finishing apply certificate information to your website, now it’s time to test your secure connection via HTTPS. Open up your favorite browser and type your domain name with https protocol as below:

If you get the result as the picture above, it means that you have successfully installed a FREE certificate for your website.

Shop Related Products

Further Reading: , , , ,

Comments (4)

4 thoughts on “How to Install LetsEncrypt Trusted SSL Certificates on VestaCP

  1. Steven John says:

    How long does the certificate is valid?

    • Karry Eyota says:

      Currently, the certificate is issued by Let’s Encrypt valid for 3 months only. To renew, you will need to run the same command as when you first generate the certificate.

    • kreezxil says:

      You can also use the renew option from letsencrypt-auto:

      sudo /opt/share/letsencrypt/letsencrypt-auto renew

      put it in your roots crontab as

      /opt/share/letsencrypt/letsencrypt-auto renew

      and set it to run every so often.

      The script will check to see if you have expired certs and renew them automatically for you, so you won’t have to do it for all of your sites.

  2. kreezxil says:

    You have a typo:

    /opt/share/letsencrypt/letsencrypt certonly –webroot -w /home/admin/web/ -d -d

    should read

    /opt/share/letsencrypt/letsencrypt-auto certonly –webroot -w /home/admin/web/ -d -d

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.