StartSSL Certificate on Domain

[badams]

I dont know why Im struggling so much with this.
Ive installed SSL certificates before on other servers, but it seems Vesta just wants to fight me on this one.

I generated a CSR in VestaCP, took that over to StartSSL, did the domain verification, etc. etc. etc.

Got the zip file from StartSSL which contained several zip files within it.
ApacheServer.zip
IISServer.zip
NgixServer.zip
OtherServer.zip

Im assuming the ApacheServer.zip is the one I need, since (to my understanding... correct me if im wrong) apache is whats used for the web hosting of domains.
Inside ApacheServer.zip, I have:
1_root_bundle.crt
2_domain.crt

I put the text from domain.crt into SSL Certificate in VestaCP.
I put the RSA Private key that VestaCP generated earlier into the SSL Key section in VestaCP.
If I hit save at this point, I get an error: Certificate Authority Not Found.

So Im assuming the bundle.crt needs to go into the Certificate Authority section. So I do the same thing, paste the contents of bundle.cry into the authority section, then I get the error: ssl certificate key pair is not valid

Why am I struggling so much with this?? What am I doing wrong here?!

[dpeca]

Take NginxServer.zip, because Vesta is running on nginx on port 8083 :)

Put cert file instead of /usr/local/vesta/ssl/certificate.crt
Put key file instead of /usr/local/vesta/ssl/certificate.key
And then run:

Code: Select all

service vesta restart

Also restart exim4 and dovecot.

[badams]

Take NginxServer.zip, because Vesta is running on nginx on port 8083 :)

Put cert file instead of /usr/local/vesta/ssl/certificate.crt
Put key file instead of /usr/local/vesta/ssl/certificate.key
And then run:

Code: Select all

service vesta restart

Also restart exim4 and dovecot.

I think you are misunderstanding what I am trying to do. I am not trying to put the ssl certificate on the local VestaCP. I'm trying to add an ssl certificate to an actual domain (on port 80)

[dpeca]

Oh, sorry then, please ignore my post :(
Yes, I misunderstood you.

[tjebbeke]

In your vestaCP:
SSL Certificate: content of otherServer.zip -> 2_yourdomain.com.crt
SSL Key: your RSA PRIVATE KEY
SSL Certificate Authority / Intermediate: otherServer.zip -> 1_Intermediate.crt

[Wamphyri]

I've been trying to get startssl to work on one of my sites, i keep getting Error: SSL intermediate chain is not valid. i have tried the way tjebbeke said, either i get a ssl key error or the chain error. Would cloudflaire stop the ssl from working properly?

[skurudo]

I've been trying to get startssl to work on one of my sites, i keep getting Error: SSL intermediate chain is not valid. i have tried the way tjebbeke said, either i get a ssl key error or the chain error. Would cloudflaire stop the ssl from working properly?

StartSSL intermediate chain
https://www.startssl.com/root

cloudflare intermediate chain
https://support.cloudflare.com/hc/en-us ... Origin-CA-

[Wamphyri]

i ended up figuring it out after a lot of trial and error. now i'm just working one some error issues with my email lol

[mehargags]

i ended up figuring it out after a lot of trial and error. now i'm just working one some error issues with my email lol

When you seek answers in the forum, have the courtesy to share "solutions" if you reach one... to help others seeking the same.

[spell]

Hi huys.

I've experienced the samу issue and after a long way googling i've found out that the fieds have to be filed in with this info

1 your_doimain.crt

2 ssl private key NOT ENCRYPTED!!!

3
root crt
intermediate crt
OR
contents of "1_root_bundle" from ApacheServer archive

AT STEP 2
you need to get decrypted key out of your encrypted one. So you go to https://startssl.com/ click on a "Tool Box" tab then down on the left "Decrypt Private Key" put the contents of your "yourname.key" file in "Enter Private Key and Password" field and press Decrypt. Copy the contents of new opened field. Voilà :-)

Have a great day!