This tutorial shows you how to generate a CSR on VestaCP using the built-in SSL generator in the web panel. You will also learn how to verify your CSR before submitting it to a Certificate Authority.
A note on VestaCP maintenance
The original VestaCP codebase (0.9.8-26, September 2019) went several years without updates. In early 2024 the project was acquired by new maintainers who are rebuilding it as Vesta 2.0, but that version has not been released yet. If you are provisioning a new server, consider HestiaCP, the actively maintained community fork that kept the same interface while adding multi-PHP support, current TLS defaults, and ongoing security patches. The CSR workflow described below works the same way on both panels because HestiaCP inherited the SSL section unchanged.
Generate a CSR on VestaCP
A CSR (Certificate Signing Request) is a block of encoded text that contains your domain name and organization details. A Certificate Authority needs it, along with its paired private key, to issue your SSL/TLS certificate. You can generate the CSR directly inside the VestaCP panel, or you can use our CSR Generator to create one automatically in your browser.
To generate the CSR through the VestaCP web interface, follow the steps below.
Step 1: Open the SSL settings for your domain
- Log in to your VestaCP dashboard (the default URL is https://your-server-ip:8083).
- Click the WEB tab at the top of the page.
- Find the domain you want to secure and click Edit.
- On the Editing Domain page, check the SSL Support checkbox. Additional SSL fields will appear.
- Click Generate CSR. A form will open asking for your organization details.
Step 2: Fill in your details
Complete every field in the CSR form. The values you enter here will be embedded in the certificate, so double-check them for accuracy.
- Domain: the fully qualified domain name (FQDN) you want to secure, for example yoursite.com. For a wildcard certificate, add an asterisk and a dot before the domain: *.yoursite.com.
- Email: a valid contact email address.
- Country: the two-letter ISO country code, for example US.
- State/Province: the full name of your state or province, for example California.
- City/Locality: the city where you or your company is located, for example San Jose.
- Organization: the full legal name of your organization (for example, Your Company LLC). If you are ordering a Domain Validation (DV) certificate, you can leave this field blank.
Step 3: Generate and save the CSR and private key
After you have filled in every field, click OK. VestaCP will generate three text blocks:
- SSL CSR: the Certificate Signing Request. You will paste this into the order form when you activate your SSL certificate.
- SSL Certificate: a self-signed certificate that VestaCP creates as a placeholder. You do not need this for a commercial SSL certificate.
- SSL Key: the private key paired with your CSR. Save this key immediately. You will need it later when you install the SSL certificate on VestaCP.
Copy the entire CSR block, including the header and footer lines, and paste it into a plain-text file or directly into the order form. A correctly formatted CSR looks like this:
-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQ... (base64-encoded data) ...
-----END CERTIFICATE REQUEST-----
Save the private key in a separate plain-text file and store it in a secure location. If you lose the private key, you will not be able to install the certificate and will need to regenerate the CSR and reissue the certificate.
Verify your CSR
Before you submit the CSR to a Certificate Authority, it is a good idea to verify that all the details are correct. Paste the CSR into our CSR Decoder to see the decoded fields (domain, organization, country, key size). If anything is wrong, generate a new CSR with the corrected information.
Next steps
Once the Certificate Authority validates your order and issues the certificate, you can proceed with installation. Follow our step-by-step guide on how to install an SSL certificate on VestaCP.
After installation, run a quick scan with our SSL Checker to confirm the certificate is active and the full chain is trusted.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


