Install PositiveSSL for the VestaCP login page

Some of you don’t know this but I run as a project for and have a successful cPanel server in Miami, Florida. After talking with Anthony (owner of Inception Hosting) we mutually decided to expand to the Netherlands, this time using VestaCP as the control panel dispite the name in the url. 🙂 After the initial testing it was time to get a valid externally signed certificate for the Control Panel itself and since Namecheap offered cheap PositiveSSL with new domains I had one left that could be used for this occasion.

Creating the CSR (Certificate Signing Request)

First thing first, create the request that we should send to Namecheap. Running this command will ask you a few questions in return, be truthful when answering. If asked for a password, leave it empty.

As you can see I have in the commandline since that is the domain I will be requesting a cetificate for. Change this to the domain name that you own and will request at certificate for. In that same directory that you ran the above command you will now find a .csr file (in my case named:

This file has the information that you need to paste into the Namecheap order form for a new certificate. i will not go into the details on how to order the Certificate on the namecheap website, instead lets jump to the point when you recieve the certificate in your email.

Install the new certificate

In that email there should be a ZIP-file containg four files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

Save all files in the /usr/local/vesta/ssl/ directory and also copy the key file that was created at the same time as the csr file to that directory.

The config file for VestaCP that we need to edit to change the certificate is named

But before we edit that file we need to do two things, combine the certificate for our domain name and the intermidiate certificates into one file and change the permissions of two files.

Combine three of the received files into one by using this command:

Make sure you update the command to use the name of your certificate.

Edit the Vesta config file:

find the SSL Certificate section

Comment the two lines and add your own certificate, it should look something like this:

Change the owner on the two files that you added to the Vesta config file

restart Vesta

Look for potential errors, if you can’t fix them yourself, comment out the newly added rows in

and restart VestaCP again to go back to the self-signed certificates. Post your error messages in the comments below and I’ll do my best to assist you.

If you have a tab open in your web browser to your control panel login page, close and reopen it. You should now see that your login page uses the bought certificate.


9 comments for “Install PositiveSSL for the VestaCP login page

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.