I will not go too far on particular explanations because this is an article aimed at system administrators and therefore people who know what they are doing and who are able to understand the contents of this article and decide if it is appropriate apply these changes to the servers. However, I would ask you to read the entire article before deciding whether it is appropriate to apply the contents on your server. At the time I write this article, when i update vestacp you encounter errors in the generation and renewal of certificates with letsencrypt. Sometimes this happens because you have a cdn such as cloudflare, sometimes it occurs when the server is poorly configured. In our case, I found a way to bypass the problem I illustrate below.
You have to install certbot (Iβll explain how to do in another article) and then you have to write the certbotcommand, you will start an automatic procedure in which you are asked for the information necessary to generate the certificate. Once the certificate is generated you will find the files with the .pem extension inside the folder /etc/letsencrypt/live/nomedominio.tlc
Then open your control panel in vestacp,click on domains under the web category. Select Edit next to your domain name and after selecting the SSL media box, you will need to open the files in the folder /etc/letsencrypt/live/nomedominio.tlc
β The contents of the cert.pem file must be pasted into the SSL Certificate field then in the first pane;
β The contents of the privkey.pem file must be pasted into the SSL Key field or the second pane;
β The contents of the chain.pem file must be pasted into the SSL Certificate Authority / Intermediatefield.
At this point, if you have done everything correctly, you will find that you will not be issued any error message and that the certificates have been accepted perfectly.
This trick is especially useful in emergency cases where you want to avoid making bad figures with customers or with the users of the site. For a permanent and professional solution you should contact the assistance of vestacp.
It is also necessary to report that this solution is temporary because I have not indicated any method to automatically renew the certificate. Actually a script would suffice but weβll talk about it later in another article. Remember that vestacp by default may create problems in case you want to manually edit the files within the folder that contains the apache or nginx configuration files. So if you want to set up an automatic script that can regenerate the certificate remember that the standard settings of vestacp do not like the direct reading inside the /etc folder and then you will need to copy the files inside the and then you will have to recall from configuration files. I do not write this in this article, because the insertion of certificate strings within the vestacp boxes is a standard operation contemplated by the developers of vestacp and therefore should not interfere too much with the operation of the server.
