# Let's Encrypt certificate on the VestaCP web UI

Let's Encrypt certificate via WEBROOT for the Vesta web UI  
  
Add /etc/httpd/conf.d/letsencrypt.conf

<details id="bkmrk-%23-let%27s-encrypt-webr"><summary></summary>

```apache
# Let's Encrypt Webroot Configuration for Apache
#
# In "webroot" mode, the Let's Encrypt client will attempt to write a
# temporary file to the /.well-known/acme-challenge directory within
# the website's root directory in order to perform the domain
# verification. Since every Vesta site has a different
# web root directory, this directive creates an alias that will allow
# the Let's Encrypt Client to write these files to a central location
# that can be accessed from all sites.
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge

<Directory /etc/letsencrypt/webroot/.well-known/acme-challenge>
    # Ensure that the proper Content-type header is returned with
    # challenge responses. The directive is scoped to the challenge
    # directory so it does not apply to every other response Apache serves.
    Header set Content-Type "application/jose+json"
</Directory>
```

</details>

Create the directory  
`mkdir -p /etc/letsencrypt/webroot/.well-known/acme-challenge`  
  
Generate the certificate  
`/opt/letsencrypt/certbot-auto certonly --webroot --webroot-path /etc/letsencrypt/webroot --email admin@domaine.fr -d serveur_vesta.domaine.fr`  
  
If the certificate is created without errors:  
`cd /usr/local/vesta/ssl/`  
  
\# If the original self-signed certificates are still in use, back them up just in case  
`mv certificate.crt certificate.crt.bak`  
`mv certificate.key certificate.key.bak`  
  
\# Create links to the new certificates  
`ln -s /etc/letsencrypt/live/serveur_vesta.domaine.fr/fullchain.pem certificate.crt`  
`ln -s /etc/letsencrypt/live/serveur_vesta.domaine.fr/privkey.pem certificate.key`  
  
And finally  
`systemctl restart vesta`
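
The panel is restarted above to load the linked certificate, so the same restart has to follow each renewal. The certbot deploy hook below is an added example, not part of the original page: it restarts Vesta only when the renewed lineage is the one the panel's symlinks point to. The install path `/etc/letsencrypt/renewal-hooks/deploy/vesta-panel.sh`, the function names and the `VESTA_SSL_DIR` override are assumptions, and it relies on a certbot version that runs deploy hooks and sets `RENEWED_LINEAGE`.

```sh
#!/bin/sh
# Added example (not from the original page): certbot deploy hook.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/vesta-panel.sh
# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to
# deploy hooks after a successful renewal.

# Directory holding the panel's certificate.crt / certificate.key links.
VESTA_SSL_DIR="${VESTA_SSL_DIR:-/usr/local/vesta/ssl}"

# Succeeds only if $1 is a symlink that resolves to the same file as $2.
# A plain copy of the file fails the check: copies are not updated by
# renewals and would silently expire.
link_points_to() {
    [ -L "$1" ] || return 1
    [ -e "$2" ] || return 1
    [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# Succeeds if both panel files link into the lineage directory $1.
panel_uses_lineage() {
    link_points_to "$VESTA_SSL_DIR/certificate.crt" "$1/fullchain.pem" &&
    link_points_to "$VESTA_SSL_DIR/certificate.key" "$1/privkey.pem"
}

# Restart the panel only when its own certificate was renewed; other
# lineages on the same host are ignored.
run_hook() {
    [ -n "${RENEWED_LINEAGE:-}" ] || return 0
    if panel_uses_lineage "$RENEWED_LINEAGE"; then
        systemctl restart vesta
    fi
}

run_hook
```
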