– Let’s encrypt creates and stores its SSL certs in /home/username/conf/web and lists them as :
ssl.website.crt
ssl.website.key
Whereas VestaCP control panel stores its hostname SSL certs in: /usr/local/vesta/ssl and lists them as:
certificate.crt
certificate.key
So, we need to rename the old VestaCP cert files first to some dummy text so that VestaCP no longer use them and then Symlink the files. Please follow the next steps to know how to do this.
– SSH into your server and enter these two commands to rename the old files :-
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key
– Create symlinks to point to the new ones
ln -s /home/admin/conf/web/ssl.servername.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.servername.key /usr/local/vesta/ssl/certificate.key
– Restart VestaCP
service vesta restart
or
/etc/init.d/vesta restart
– Clear your browser cache and then try logging in to your control along with port 8083 and Bingo, port 8083 is now SSL secure!
Broken Permissions Solution
To fix broken permissions, enter the following commands.
Replace your.adminpanel.com with your admin panel’s URL.
chgrp mail ssl.your.adminpanel.com.key
chmod 660 ssl.your.adminpanel.com.key
chgrp mail ssl.your.adminpanel.com.crt
chmod 660 ssl.your.adminpanel.com.crt