I will not dwell on detailed explanations, because this article is intended for system administrators, that is, for people who know what they are doing, who can understand its contents and who can decide whether it is appropriate to apply these changes to their server. Still, I would ask you to read the whole article before deciding whether to apply it to your server. At the time of writing, after updating VestaCP you run into errors when generating and renewing Let's Encrypt certificates. Sometimes this happens because you are behind a CDN such as Cloudflare, and sometimes because the server is misconfigured. In our case, I found a way to work around the problem, which I explain below.
You need to install certbot (I will explain how to do that in another article) and then run the command certbot. It starts an automatic procedure that prompts you for the information needed to generate the certificate. Once the certificate has been generated, you will find files with the .pem extension in the folder /etc/letsencrypt/live/domainname.tld
Open your VestaCP control panel and click on domains under the web category. Select edit next to the name of your domain and you will see something very similar to this:
Now, after checking the SSL support box, open the files inside the folder /etc/letsencrypt/live/domainname.tld
- The contents of the file cert.pem must be pasted into the SSL Certificate field, that is, the first pane;
- The contents of the file privkey.pem must be pasted into the SSL Key field, that is, the second pane;
- The contents of the file chain.pem must be pasted into the SSL Certificate Authority / Intermediate field.
At this point, if you did everything correctly, you will see that no error message is shown and that the certificates were accepted.
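If the panel rejects the files, or before pasting them at all, it helps to confirm that the three files belong together. The following is an added example, not part of the original article or of VestaCP: the function name check_le_bundle, its return codes and the 7-day default threshold are assumptions of this example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: check a certbot "live" directory before pasting its files
# into the VestaCP SSL fields. Return codes are this example's own convention:
#   0 ok, 1 file missing, 2 key mismatch, 3 chain mismatch, 4 expiring soon
# Use: source this file, then
#   check_le_bundle /etc/letsencrypt/live/<your-domain> [min_days]
check_le_bundle() {
    dir=$1
    min_days=${2:-7}   # assumed threshold; Let's Encrypt certs are short-lived

    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done

    # privkey.pem must be the key for cert.pem: the public key derived
    # from each has to be identical (works for RSA and ECDSA alike).
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match cert.pem" >&2
        return 2
    fi

    # chain.pem must contain the issuer of cert.pem. -partial_chain lets
    # the intermediate act as trust anchor, so no root store is needed.
    if ! openssl verify -partial_chain -CAfile "$dir/chain.pem" \
            "$dir/cert.pem" >/dev/null 2>&1; then
        echo "cert.pem does not verify against chain.pem" >&2
        return 3
    fi

    # A manually pasted certificate is not renewed automatically, so flag
    # one that is close to its expiry date.
    if ! openssl x509 -in "$dir/cert.pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "cert.pem expires within $min_days days" >&2
        return 4
    fi
    echo "bundle in $dir is consistent"
}
```

A non-zero return code tells you which of the three fields would receive the wrong content.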
This trick is especially important in emergencies, where you want to avoid making a bad impression on clients or users of the site. For a permanent and professional solution, you should contact VestaCP support.
In addition, I must point out that this solution is temporary, because I have not described any method for automatically renewing the certificate. In reality a script would be sufficient, but more on that in another article. Remember that VestaCP, by default, may create problems if you manually edit the files inside the folder that contains the Apache or nginx configuration files. So if you wish to set up an automated script that regenerates the certificate, remember that with its standard settings VestaCP does not look kindly on reading directly from inside the folder /etc, so you will need to copy the files and then reference them from the configuration file. I do not cover that in this article, because pasting the certificate strings into the VestaCP boxes is a standard operation supported by the VestaCP developers, and therefore should not interfere too much with the operation of the server.