How to Install LetsEncrypt Trusted SSL Certificates on VestaCP
This tutorial will walk you through the process of installing a free, trusted LetsEncrypt SSL certificate on a VestaCP server hosted at DigitalOcean.
What is SSL? SSL stands for Secure Sockets Layer, and its main purpose is to protect your sensitive information as it travels across the internet. By adding SSL to your website, your business will gain more trust from your customers because it keeps sensitive information safe from hackers.
Thanks to LetsEncrypt, free trusted certificates are available for websites. This tutorial will guide you through installing a free trusted certificate from LetsEncrypt on a VestaCP server.
Server Specification
Below is the configuration of our server, which is hosted at DigitalOcean with a minimal specification:
Specification | Installation Environment |
---|---|
CPU | 1 CPU |
RAM | 512 MB |
Storage | 20 GB |
OS | Ubuntu 15.10 x64 |
Control Panel | VestaCP |
VestaCP Web Server | Nginx with Apache |
LetsEncrypt Installation
Before you can obtain free certificates from LetsEncrypt, you need to install the LetsEncrypt client on your server. From your computer, use a terminal or any SSH client to connect to your server and follow these steps:
Step 1: Clone the installation script
Run the following command to download the LetsEncrypt installation script to /opt/share/letsencrypt on your server:
$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/share/letsencrypt
Step 2: Install all LetsEncrypt’s dependencies
Run the letsencrypt-auto script, which resides in /opt/share/letsencrypt/. It installs all of its own dependencies and updates the client code automatically.
$ sudo /opt/share/letsencrypt/letsencrypt-auto --help
It will take a few minutes to download and install all dependencies. We use the --help parameter here to prevent the script from displaying the HTTPS activation wizard, because we will manually generate a certificate for a specific domain later.
Generate Certificate for your Website
After you have properly installed LetsEncrypt, you can generate a certificate for any website on your server. Here, we will generate a certificate for our website named mydomain.com.
Note: make sure that you have already added mydomain.com to VestaCP and pointed mydomain.com and www.mydomain.com to your VestaCP server correctly.
Run the following command to generate a certificate for mydomain.com:
$ /opt/share/letsencrypt/letsencrypt-auto certonly --webroot -w /home/admin/web/mydomain.com/public_html/ -d mydomain.com -d www.mydomain.com
Next, you will be asked to enter an email address for key recovery.
Agree to the LetsEncrypt Terms of Service.
It will now generate 4 files under /etc/letsencrypt/live/mydomain.com, as below:
- cert.pem – will be used for SSL Certificate
- chain.pem – will be used for SSL Certificate Authority / Intermediate
- fullchain.pem
- privkey.pem – will be used for SSL Key
Applying the Certificate on VestaCP
You have now generated all of the certificate files, so it is time to apply the certificate to your website. To do so, log into your VestaCP > WEB and click on EDIT.
Next, copy the content of the three generated certificate files by using the cat command and paste each one into the matching textbox. The files are readable only by root, so run cat with sudo. Example:
$ sudo cat /etc/letsencrypt/live/mydomain.com/cert.pem
$ sudo cat /etc/letsencrypt/live/mydomain.com/privkey.pem
$ sudo cat /etc/letsencrypt/live/mydomain.com/chain.pem
Click Save
Access Your Website with HTTPS
After you finish applying the certificate information to your website, it is time to test your secure connection via HTTPS. Open your favorite browser and type your domain name with the https protocol as below:
https://mydomain.com
If you get the result as the picture above, it means that you have successfully installed a FREE certificate for your website.
How long is the certificate valid?
Currently, a certificate issued by Let’s Encrypt is valid for 3 months only. To renew it, run the same command you used when you first generated the certificate.
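A pre-flight check for the files under /etc/letsencrypt/live/mydomain.com, useful before pasting them into VestaCP and when deciding whether a renewal is due. This is an added example, not part of the original tutorial; the function names and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for a Let's Encrypt "live" directory.
# LIVE_DIR follows the tutorial's path; function names are hypothetical.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/mydomain.com}"

# cert_matches_key CERT KEY
# Succeeds only when the certificate carries the public key derived from KEY.
# Returns 2 if either file cannot be read or parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# needs_renewal CERT [DAYS]
# Succeeds when CERT expires within DAYS days (default 30, an assumed threshold).
# Returns 2 if CERT is not a parsable certificate, so errors are not
# mistaken for "about to expire".
needs_renewal() {
    days="${2:-30}"
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    ! openssl x509 -in "$1" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# preflight [DIR] [DAYS]
# Refuses a mismatched cert/key pair, then reports the expiry date.
preflight() {
    dir="${1:-$LIVE_DIR}"
    if ! cert_matches_key "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "cert.pem and privkey.pem do not belong together" >&2
        return 1
    fi
    end=$(openssl x509 -in "$dir/cert.pem" -noout -enddate)
    if needs_renewal "$dir/cert.pem" "${2:-30}"; then
        echo "renew now: $end"
    else
        echo "ok: $end"
    fi
}
```

Source the file as root and call preflight; with no arguments it inspects LIVE_DIR.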
You can also use the renew option from letsencrypt-auto:
sudo /opt/share/letsencrypt/letsencrypt-auto renew
Put it in your root's crontab as
/opt/share/letsencrypt/letsencrypt-auto renew
and set it to run every so often.
The script will check to see if you have expired certs and renew them automatically for you, so you won’t have to do it for all of your sites.
You have a typo:
/opt/share/letsencrypt/letsencrypt certonly --webroot -w /home/admin/web/mydomain.com/public_html/ -d mydomain.com -d www.mydomain.com
should read
/opt/share/letsencrypt/letsencrypt-auto certonly --webroot -w /home/admin/web/mydomain.com/public_html/ -d mydomain.com -d www.mydomain.com