Page 1 of 1

Web interface using different ssl certificate?

Posted: Mon Apr 03, 2017 3:12 pm
by prxbl
I've recently installed a Comodo SSl certificate and I've switched my main domain to HTTPS.
However the web interface of vesta does not use the new certificate and is still giving me the error message
"Your connection is not private"

I am using Vesta 0.9.8 r17 on Ubuntu 14.04
How can I fix this, so that the vesta web interface makes use of the same certificate?

Thanks

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 10:40 am
by skurudo
Quick answer - yes, different.

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 11:10 am
by prxbl
How can I fix this?

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 11:15 am
by skurudo
You have two ways to do this:
1) via web... SERVER -> configure -> Vesta SSL

2) vesta-nginx -> /usr/local/vesta/nginx/conf/nginx.conf and add path to your cettificate:

Code: Select all

    ssl_certificate      /home/admin/conf/web/ssl.domain.ru.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.domain.ru.key;

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 11:34 am
by prxbl
Method 1 would have been nice but it did not work, I was getting this error "Error: Certificate Authority not found", even though there we're only 2 fields: SSL Certificate and SSL Key which I was copy and pasting from the domain config tab.

Method 2 worked and it successfully solved the issue.
Thank you!

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 1:46 pm
by techforusnews
prxbl wrote:I've recently installed a Comodo SSl certificate and I've switched my main domain to HTTPS.
However the web interface of vesta does not use the new certificate and is still giving me the error message
"Your connection is not private"

I am using Vesta 0.9.8 r17 on Ubuntu 14.04
How can I fix this, so that the vesta web interface makes use of the same certificate?

Thanks
The point is that if you use another sub-domain for Vesta cpanel and turn HTTPS, then you will definitely get the "Your connection is not private" error as the SSL certificate is only valid for one URL. It's not a wildcat SSL, I think.

If you want to use HTTPS for all sub-domain, buy a wildcat SSL certificate or use Let's Encrypt.

Updated: Try this one to bypass the Your connection is not private error in Google Chrome temporarily.

Re: Web interface using different ssl certificate?

Posted: Tue Apr 04, 2017 2:48 pm
by skurudo
techforusnews wrote:If you want to use HTTPS for all sub-domain, buy a wildcat SSL certificate or use Let's Encrypt.
Nope, it's not it. You have two different nginx instanses: for sites and for Vesta. ;)

Re: Web interface using different ssl certificate?

Posted: Fri Feb 08, 2019 10:12 am
by Fleuv
skurudo wrote:
Tue Apr 04, 2017 11:15 am
You have two ways to do this:
1) via web... SERVER -> configure -> Vesta SSL

2) vesta-nginx -> /usr/local/vesta/nginx/conf/nginx.conf and add path to your cettificate:

Code: Select all

    ssl_certificate      /home/admin/conf/web/ssl.domain.ru.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.domain.ru.key;
I would like to add a third method to that:
  • Install and setup the domain for the web interface, via the vesta web interface itself.
  • Go to <your-server-ip>:8083 and login to the user with the domain used for the web interface (usually the admin user).
  • Edit the domain and check SSL Support to start installation of the certificate.
  • After installation of the certificate, copy it by running the following command:

    Code: Select all

    v-update-host-certificate admin $HOSTNAME
    Assuming that you're admin user uses the web interface domain and $HOSTNAME contains the actual domain name used for the web interface.
To check if everything worked as it should you can do something like.

Code: Select all

diff /usr/local/vesta/ssl/certificate.crt /home/admin/conf/web/ssl.$HOSTNAME.pem && diff /usr/local/vesta/ssl/certificate.key /home/admin/conf/web/ssl.$HOSTNAME.key
If this returns nothing / true it means that the files are equal, what is what we want.