SSL Cert for Vesta Backend?
Closed this issue · 2 comments
Hi,
more a question not an issue:
Is it possible to use this to replace the selfsigned Certificate under /usr/local/vesta/ssl?
Ok found the answer myself..
Just symlink these two:
/home/admin/conf/web/ssl.domain.tld.key /usr/local/vesta/ssl/certificate.key
/home/admin/conf/web/ssl.domain.tld.crt /usr/local/vesta/ssl/certificate.crt
Yes, that will do it. I didn't attempt to build support for the admin cert into the tool because it's really easy to set up manually and would actually be a lot more diffiucult to try to automate.
Alternatively you can change paths in /usr/local/vesta/nginx/conf/nginx.conf:
#ssl_certificate /usr/local/vesta/ssl/certificate.crt;
#ssl_certificate_key /usr/local/vesta/ssl/certificate.key;
ssl_certificate /etc/letsencrypt/live/ssl.domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ssl.domain/privkey.pem;
Both approaches will work fine (if you're worried about Vesta overwriting the conf file, it won't--I've been running a custom SSL configuration with a non-Let's Encrypt cert for more than a year and Vesta has never touched it). Just remember that you'll need to restart the vesta service whenever you renew the cert it is linked to:
service vesta restart