Prerequisites
Before installing a custom SSL certificate, make sure you have:
- Admin access to HestiaCP
- Your SSL certificate files (.crt, .key, and optionally .ca)
Method 1: Install via HestiaCP Web Interface
Step 1: Log in to HestiaCP
https://YOUR_SERVER_IP:8083Step 2: Navigate to WEB Section
Click on WEB → your domain → SSL tab.
Step 3: Toggle SSL Support ON
Click Install/Update Certificate and select Install custom certificate.
Step 4: Upload Certificate Files
- Certificate (CRT): Paste your SSL certificate (including -----BEGIN CERTIFICATE-----)
- Private Key (KEY): Paste your private key
- Certificate Authority (CA): Paste intermediate/root certificate (if provided)
Step 5: Save
Click Save to apply.
Method 2: Install via SSH
ssh hxroot@YOUR_SERVER_IP -p 22Upload certificate files to server:
scp /local/path/example.com.crt admin@YOUR_SERVER_IP:/home/admin/
scp /local/path/example.com.key admin@YOUR_SERVER_IP:/home/admin/Install certificate:
/usr/local/hestia/bin/v-add-web-domain-ssl admin example.com /home/admin/example.com.crt /home/admin/example.com.keyIf you have a CA bundle:
/usr/local/hestia/bin/v-add-web-domain-ssl admin example.com /home/admin/example.com.crt /home/admin/example.com.key /home/admin/ca.crtVerify Certificate Installation
curl -I https://example.comCheck certificate details:
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -textCommon Certificate Format Issues
Private key must be RSA or ECDSA - Ensure key is in PEM format.
Convert PFX to PEM:
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes✅ Custom SSL certificate has been installed!