Letsencrypt on VestaCP


#1

I’m currently trying to set it up, for testing purposes, on my Vesta environment.
However, after I generate the certificate I get four files;
cert1.pem
chain1.pem
fullchain1.pem
privkey1.pem

I put the following in the order
"SSL certificate" = cert1.pem
"SSL Key" = privkey1.pem
"SSL CA/intermediate" = fullchain1.pem

I disabled nginx proxy, because apparently after restarting it it makes nginx not load.
one.example.org loads via http://
But as soon as I load https://one.example.org it loads a “webpage could not load”. :expressionless:
It’s running on an Ubuntu 14.04.3 LTS" environment.

I would appreciate any feedback.


#2

Use privkey1.pem for “SSL Key” and chain.pem for “SSL CA/intermediate”.


#4

Just tried it and restarted vesta and apache2 services and problem persists.


#5

Well, that’s all there is to say from the information you have given. I suggest you try to find more information, error messages in the log or sharing the actual URL for example.


#6

I was able to get it working on my site (here) with these documents https://docs.google.com/document/d/1y5tTtImTGk_zqYe3lelGtMl8_gSCQcNgCCdbYTQAb7E/edit http://forum.vestacp.com/viewtopic.php?f=10&t=9158&start=10

The problem that Im having now is that when I try to load the CP on mobile it says untrusted


#7

Oh my god Torlerr, thank you. I’ll read your passage and continue through my quest.
You’re doing god’s work son.


#8

The Vesta control panel interface (port 8083) runs on a separate Nginx interface from your main sites and uses it’s own certificate. You can replace the default self-signed certificate with a Let’s Encrypt cert by editing /usr/local/vesta/nginx/conf/nginx.conf.

Pretending your certificate was issued for myserver.com, you’d change this file to reflect the following:

ssl_certificate: /etc/letsencrypt/live/myserver.com/fullchain.pem;
ssl_certificate_key: /etc/letsencrypt/live/myserver.com/privkey.pem;