VestaCP - Automatically generate SSL certificates for new domains

July 2016 ยท 2 minute read

With the release of the open-source Let’s Encrypt project by the Linux Foundation, we took advantage of some folk’s creation that automates the lets-encrypt client for the Vesta Control Panel. Considering that we add a new subdomain every other week, this was very useful and yet… not useful enough.

Despite the fact that Vesta’s lets encrypt client only taking a few commands to setup a new certificate, the reality is that it took commands at all. This required me to use both the web interface and a terminal which is midly inconvinient at best and impractical at worst.

Automating all the things

Every single thing that Vesta does can be linked to a file in the /usr/local/vesta/bin directory.

Listing of VestaCP bin directory

We have a single point of interest in the file v-add-web-domain which handles adding domains. Open that up in vim or what have you and go towards the bottom, right above where you see:

# Restarting web server
if [ "$restart" != 'no' ]; then
    $BIN/v-restart-web
    check_result $? "Web restart failed" >/dev/null

    if [ ! -z "$PROXY_SYSTEM" ]; then
        $BIN/v-restart-proxy
        check_result $? "Proxy restart failed" >/dev/null
    fi
fi

And add the following lines:

##Enable SSL
letsencrypt-vesta $user $domain

Now every time you add a domain, assuming you configured the letsencrypt-vesta tool properly, it should handle everything automagically.

Recommended follow-up reading: VestaCP - Force HTTPS with Apache configuration templates