VestaCP is an open-source web hosting control panel permits website owners to manage their sites through an easy to use web interface. Vesta supports optional secure web hosting via HTTPS.
Let’s Encrypt is a new certificate authority (CA) that issues free domain validated (DV) SSL/TLS certificates for enabling secure (HTTPS) web connections. Let’s Encrypt automates the certificate request process, making it possible to secure a domain with a single command.
This tool bridges the gap between Vesta’s certificate management and the Certbot client used to install Let’s Encrypt certificates. Given one or more Vesta user accounts and, optionally, a list of domain names, it verifies that the domains exist in Vesta, requests a certificate for each domain and all associated aliases, and (upon successful validation) installs the certificate on each domain.

Letsencrypt installation on Vestacp

Installation must be done as root. If your system doesn’t support root logins, append sudo to each of the following commands, or open a root shell with sudo su -.
Clone both the Let’s Encrypt client and this tool into /usr/local. This will create two new directories, /usr/local/certbot and /usr/local/letsencrypt-vesta.

    cd /usr/local
    git clone
    git clone

Create the “webroot” directory where Let’s Encrypt will write the files needed for domain verification.

    mkdir -p /etc/letsencrypt/webroot

Choose to implement either the Apache configuration or Nginx configuration (both below) depending on your specific server configuration (the Apache configuration is recommended unless you’re only running Nginx).
Symlink certbot-auto and letsencrypt-vesta in /usr/local/bin for easier access. This allows them to be run without needing to know the full path to the programs.

    ln -s /usr/local/certbot/certbot-auto /usr/local/bin/certbot-auto
    ln -s /usr/local/letsencrypt-vesta/letsencrypt-vesta /usr/local/bin/letsencrypt-vesta

add Apache configuration

ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/httpd/conf.d/letsencrypt.conf

Restart Apache Webserver

service httpd restart
    letsencrypt-vesta USERNAME DOMAIN

The first time you run certbot-auto (either via letsencrypt-vesta or separately) it will do some initial setup work that could take a few minutes. Subsequent runs should be faster, as this setup is only needed once per server.


Once installed, certificates can be requested by running letsencrypt-vesta command. Several options can be passed to determine which domains will be included in the certificate:

sudo letsencrypt-vesta [-a days] [-m email] [-u] user1 [domainlist1] [...-u userN [domainlistN]]
  • The -a option schedules an automatic upgrade in days days using the at scheduler, if it is available.
  • The -m option allows the contact email address, passed to Let’s Encrypt, to be specified. If omitted, the email address from the first domain in the certificate will be used.
  • The -u option specifies a Vesta username and an optional space-separated list of Vesta domains (sites) hosted under that username to add to the certificate. Each domain and all aliases of that domain will be added to the certificate. If no domains are specified, the certificate will be issued to every domain in the account.
  • Multiple -u options can be specified to include domains across multiple Vesta accounts. For backwards compatibility, the -u is optional for the first account.
  • The same command is used to request new certificates and to renew previously installed certificates. Note that Let’s Encrypt certificates expire every 90 days. It’s recommended to renew them after 60 days.
    If a site doesn’t already have SSL support it will be enabled with public_html as the SSL home. Otherwise, the existing SSL certificate will be replaced with the one issued by Let’s Encrypt.


    Cron is the most well-know job scheduling tool for Unix-type systems. It schedules jobs to occur automatically at set times on a recurring basis and is installed by default on most systems. Unlike at, however, cron requires an additional step to set up recurring certificate installations.
    If you choose to use cron, you must first run the letsencrypt-vesta command on its own to complete the initial certificate request and installation. Then you must manually schedule the job to run again by adding it to the root user’s crontab file.
    To edit the crontab, type the following command:

        sudo crontab -e

    If you aren’t familiar with the format of a crontab file, the Wikipedia article on Cron does a good job of describing it. As an example, this command will schedule the job to run at 2:08 am on the first day of each even numbered month (February, April, June, …):

        8  2  1  */2  *  /usr/local/bin/letsencrypt-vesta USERNAME DOMAIN

    Be sure not to use the -a option when using cron as it could cause the same certificates to be double-renewed.


    1. Hi Admin!
      Please help me because I stuck at
      letsencrypt-vesta USERNAME DOMAIN
      Because when I run this command I recieve following error
      bash: letsencrypt-vesta: command not found

      • Admin Bestariweb Reply

        The latest Vesta has equiped with official letsencrypt. you can install SSL without additional script. please use this code: <pre> /usr/local/vesta/bin/v-add-letsencrypt-domain username domain </pre>

        but, if you use my script, you can run with full path:

        <pre> /usr/local/bin/letsencrypt-vesta USERNAME DOMAIN </pre>

        You can read this page for command line interface, including letsecrypt function:

    Write A Comment