This is a short tutorial on how to setup a Let’s Encrypt cerificate on your website if you are hosting it through VestaCP. If you are not familiar, Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). You can grab a free digital certificate and enable SSL/TLS on your website for improved security and privacy.

First, login to your server through SSH as root and go to your local user directory:

cd /usr/local

Download the required files:

git clone https://github.com/letsencrypt/letsencrypt.git
git clone https://github.com/interbrite/letsencrypt-vesta.git

Create the webroot directory where Let’s encrypt will write the files required for domain verification:

mkdir-p /etc/letsencrypt/webroot

Symlink the Apache conf file to enable proper serving of the validation files:

ln-s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf

Symlink letsencrypt-auto and letsencrypt-vesta:

ln-s /usr/local/letsencrypt/letsencrypt-auto/usr/local/bin/letsencrypt-auto
ln-s /usr/local/letsencrypt-vesta/letsencrypt-vesta/usr/local/bin/letsencrypt-vesta

Restart the apache service:

service apache2 restart

Now, the final part is to install the SSL certificate to your website by entering the following command (username is your vestacp username, and yourwebsite.com is the website you want to install the SSL certificate to):

letsencrypt-vesta username yourwebsite.com

Because Let’s Encrypt certificates expire after 90 days, it is recommended that you re-enter the last command to renew your certificate.