Install PositiveSSL for the VestaCP login page

Some of you don’t know this but I run Freecpanelsharedhosting.com as a project for Lowendspirit.com and have a successful cPanel server in Miami, Florida. After talking with Anthony (owner of Inception Hosting) we mutually decided to expand to the Netherlands, this time using VestaCP as the control panel dispite the name in the url. 🙂 After the initial testing it was time to get a valid externally signed certificate for the Control Panel itself and since Namecheap offered cheap PositiveSSL with new domains I had one left that could be used for this occasion.

Creating the CSR (Certificate Signing Request)

First thing first, create the request that we should send to Namecheap. Running this command will ask you a few questions in return, be truthful when answering. If asked for a password, leave it empty.

As you can see I have nl01.freecpanelsharedhosting.com in the commandline since that is the domain I will be requesting a cetificate for. Change this to the domain name that you own and will request at certificate for. In that same directory that you ran the above command you will now find a .csr file (in my case named:

This file has the information that you need to paste into the Namecheap order form for a new certificate. i will not go into the details on how to order the Certificate on the namecheap website, instead lets jump to the point when you recieve the certificate in your email.

Install the new certificate

In that email there should be a ZIP-file containg four files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • nl01.freecpanelsharedhosting.com.crt

Save all files in the /usr/local/vesta/ssl/ directory and also copy the key file that was created at the same time as the csr file to that directory.

The config file for VestaCP that we need to edit to change the certificate is named

But before we edit that file we need to do two things, combine the certificate for our domain name and the intermidiate certificates into one file and change the permissions of two files.

Combine three of the received files into one by using this command:

Make sure you update the command to use the name of your certificate.

Edit the Vesta config file:

find the SSL Certificate section

Comment the two lines and add your own certificate, it should look something like this:

Change the owner on the two files that you added to the Vesta config file

restart Vesta

Look for potential errors, if you can’t fix them yourself, comment out the newly added rows in

and restart VestaCP again to go back to the self-signed certificates. Post your error messages in the comments below and I’ll do my best to assist you.

If you have a tab open in your web browser to your control panel login page, close and reopen it. You should now see that your login page uses the bought certificate.

 

9 comments for “Install PositiveSSL for the VestaCP login page

  1. January 22, 2015 at 12:44

    * Restarting vesta-nginx vesta-nginx nginx: [emerg] SSL_CTX_use_PrivateKey_file(“/usr/local/vesta/ssl/panel_mapachehosting_com.key.nopass”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/usr/local/vesta/ssl/panel_mapachehosting_com.key.nopass’,’r’) error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

    this error??

  2. January 22, 2015 at 12:45

    * Restarting vesta-nginx vesta-nginx nginx: [emerg] SSL_CTX_use_PrivateKey_file(“/usr/local/vesta/ssl/panel_mapachehosting_com.key.nopass”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/usr/local/vesta/ssl/panel_mapachehosting_com.key.nopass’,’r’) error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

    this error?

    • January 22, 2015 at 20:29

      Nginx can’t find this file /usr/local/vesta/ssl/panel_mapachehosting_com.key.nopass does it exist? If it does, check the permissions on the file.

  3. January 23, 2015 at 01:48

    already solved. the problem was that the name of my key was panel_mapachehosting_com.key and switch to panel_mapachehosting_com.key.nopass
    thank you very much

  4. mert
    February 7, 2015 at 17:45

    Please can you make a movie this tutorial?

    • February 7, 2015 at 21:54

      What part are you having trouble with?

  5. Annie Leonhardt
    February 16, 2015 at 04:56

    😀 I removed the .nopass and it worked like a charm.

    • February 16, 2015 at 22:31

      I noticed that I made a mistake in the guide, I created the first certificate with a password and had to remove it and the key file without password was named .nopass. Oooopss, sorry 🙂

      I’ve updated the guide by now.

Leave a Reply

Your email address will not be published. Required fields are marked *