How to add Domain with free SSL Certificate on VestaCP

VestaCP is a free web server control panel for website. You can manage your sites through an easy to use web interface. VestaCp supports secure website via HTTPS.

Let’s Encrypt is a new chargeless affidavit ascendancy (CA) that issues chargeless area accurate (DV) SSL/TLS certificates for enabling defended (HTTPS) on your site. Let’s Encrypt automates the affidavit appeal processing authoritative it accessible to defended a your website with a distinct command.

VestaCP accept Certbot that acclimated to install Let’s Encrypt certificates. Its accouterment all area and user to acquiesce certificate. When you accredit Letsencrypt SSL its auto analysis your armpit its abide on VestaCP and verify it again enabled SSL.

Login into your VestaCp goto Web menu and click on add domain.

Enter your domain name and click on advanced options.

Letsencrypt installation on Vestacp.

Click on SSL Support and then click on Lets Encrypt Support.

Move down there a options Web Statistics.

if you want to use it then choose Awstats otherwise its none.

Awstats keep count your daily visitor, pageviews, user ip, Bot count, User Agent, Search keyword, Top Search engine, Top Referral etc.

Then click on add domain.

You can got msg your domain successfully added.


Now you can go in Web menu again and check SSL active or not.

Letsencrypt installation from Root

If your VestaCP doesn’t support Letsencrypt SSL option then open a root shell with putty or other any which software your using.

Git clone both the certbot and Let’s Encrypt into /usr/local. Its install in new two folders, /usr/local/certbot and /usr/local/letsencrypt-vesta.

cd /usr/local
git clone
git clone

Run command create the webroot folder for Letsencrypt. It will create the files needed for domain verification.

    mkdir -p /etc/letsencrypt/webroot

Choose the Apache configuration or Nginx configuration (both below). Its depending on your specific server configuration (the Apache configuration is recommended unless you’re only running Nginx).

Run symlink certbot-auto and letsencrypt-vesta in /usr/local/bin for easy access. This allows them to be run without needing to know the full path to the programs.

    ln -s /usr/local/certbot/certbot-auto /usr/local/bin/certbot-auto
ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta

Now add Apache configuration

ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf

Restart Apache Webserver

service httpd restart

   letsencrypt-vesta USERNAME DOMAIN

The first time you run certbot-auto (either via letsencrypt-vesta or separately) it will do some initial setup work that could take a few minutes. Its runs should be faster, as this setup is only needed once per server.

Once installed, certificates can be requested by running letsencrypt-vesta command. Many options can be passed to determine which domains will be included in the certificate:

sudo letsencrypt-vesta [-a days] [-m email] [-u] user1 [domainlist1] […-u userN [domainlistN]]

This -a option allow automatic Letsencrypt certificate updates in days at scheduler, if it is available.
The -m option allows the acquaintance email abode and anesthetized to Let’s Encrypt. If omitted, the email abode from the aboriginal area in the affidavit will be used.
The -u option specifies a Vesta username and an alternative space-separated annual of Vesta domains (sites) hosted beneath that username to add to the certificate. Each area and all aliases of that area will be added to the certificate. If no domains are specified, the affidavit will be issued to every area in the account.
Multiple -u options can be authentic to board domains above different Vesta accounts. For backwards compatibility, the -u is another for the ancient account.

The aloft command is acclimated to abode new certificates and to renew avant-garde installed certificates. Note that Let’s Encrypt certificates expire every 90 days. It’s recommended to renew them afterwards 60 days.

If a armpit doesn’t already acquire SSL abutment it will be enabled with public_html as the SSL home. Otherwise, the complete SSL affirmation will be replaced with the one issued by Let’s Encrypt.

Cron is the best well-know job scheduling apparatus for Unix-type systems. It schedules jobs to action automatically at set times on a alternating base and is installed by absence on best systems. Unlike at, however, cron requires an added footfall to set up alternating affidavit installations.

If you accept to use cron, you charge aboriginal run the letsencrypt-vesta command on its own to complete the antecedent affidavit appeal and installation. Then you charge manually agenda the job to run afresh by abacus it to the basis user’s crontab file.

To adapt the crontab, blazon the afterward command:

    sudo crontab -e

If you aren’t accustomed with the architecture of a crontab file, the Wikipedia commodity on Cron does a acceptable job of anecdotic it. As an example, this command will agenda the job to run at 2:08 am on the aboriginal day of anniversary alike numbered ages (February, April, June, …):

   8  2  1  */2  *  /usr/local/bin/letsencrypt-vesta USERNAME DOMAIN

Be sure not to use the -a option when using cron as it could cause the same certificates to be double-renewed.

Related posts

One Thought to “How to add Domain with free SSL Certificate on VestaCP”

  1. Thanks for posting. Its very helpful for me.

Leave a Reply

%d bloggers like this: