OPENSSL TUTORIAL: CREATE A PRIVATE KEY AND SSL CERTIFICATE FROM THE

OPENSSL TUTORIAL: CREATE A PRIVATE KEY AND SSL CERTIFICATE FROM THE TERMINAL

August 26, 2025 / by Marco / Categories : Business

picnie header cc2e2c18

In this guide, we’ll walk through requesting a certificate in AWS Certificate Manager (ACM), exporting it with a passphrase, decrypting the private key on a Linux server, and installing the certificate into HestiaCP. I’ll also point out exactly where each step happens with the screenshots referenced in the transcript.

1) Request a public certificate in AWS Certificate Manager

Start by creating a certificate request in ACM for the domain (or subdomain) you want to secure.

Open AWS Certificate Manager in your AWS console.
Choose “Request” and select “Request a public certificate.”
Add your domain names (e.g., example.com and/or subdomains).

For validation, choose DNS validation. This method is fast, automatable, and keeps the validation record in your DNS, so future renewals are seamless.

Add the provided CNAME records to your DNS host (Route 53 or your external DNS provider).
Submit the request and wait for validation.

Once AWS confirms the DNS record, the certificate status will show as “Issued.”

2) Export the certificate from ACM

After the certificate is issued, click into the certificate details page via its Certificate ID.

Use the Export option and set an encryption passphrase. This passphrase will be used to protect the private key during export.

Choose PEM encoding, then export and download the files. You’ll get:

Certificate body (certificate)
Certificate chain (intermediate/CA bundle)
Private key (encrypted with your passphrase)

Save all three files securely. We’ll need them to install the certificate later.

3) Decrypt the private key on a Linux server

To use the certificate with HestiaCP, you’ll need the unencrypted private key. We’ll decrypt it using OpenSSL on a Linux box (Ubuntu in this example).

Create a file on your server and paste in the exported encrypted private key (the one you downloaded from ACM):

Verify OpenSSL is installed. If you see usage options when running the command below, you’re good to go. Otherwise, install it (for Ubuntu: sudo apt update && sudo apt install openssl).

Run the following command to decrypt the key. Replace the filenames with your actual paths.

openssl rsa -in encrypted-private-key.pem -out decrypted-private-key.pem

When prompted, enter the passphrase you set during export. After success, you’ll have a decrypted private key file you can use with HestiaCP.

4) Install the certificate in HestiaCP

In HestiaCP, go to the domain’s web settings (Web → your domain → Edit) and open the SSL section.

SSL Certificate (CRT) field: Paste the Certificate body.
SSL Certificate Authority / Intermediate (CA bundle) field: Paste the Certificate chain.
SSL Key (KEY) field: Paste the decrypted private key (not the encrypted one).

Do not paste the original encrypted key. Make sure you copy the contents of the decrypted key you generated with OpenSSL.

Save your changes. After saving, the certificate should be active for the domain, and your site should load over HTTPS without warnings.

Tips and troubleshooting

If the Export option isn’t visible in ACM, double-check the certificate type and region. Ensure you’re exporting the certificate you just issued.
If HestiaCP rejects the key, confirm you pasted the decrypted private key (PEM format with -----BEGIN PRIVATE KEY----- headers).
Ensure your CA bundle is complete. Paste the full chain provided by AWS.
After installation, test with an SSL checker (e.g., SSL Labs) to verify the chain and expiry.

That’s it! You’ve requested, exported, decrypted, and installed an AWS Certificate Manager certificate in HestiaCP.

DO YOU LIKE WHAT YOU'VE READ?

Join our subscription list and receive our content right in your mailbox. If you like to receive some Great deals our Freebies then subscribe now!

Our Sponsors

Become a Sponsor for $45.

Limit to 5 sponsors.

Company Name :

Email :

Website :

Description :

Upload Logo :

Terms & Conditions : ACCEPTANCE OF TERMS This Agreement contains the complete terms and conditions that apply to your participation in our site. If you wish to use the site including its tools and services please read these terms of use carefully. By accessing this site or using any part of the site or any content or services hereof, you agree to become bound by these terms and conditions. If you do not agree to all the terms and conditions, then you may not access the site or use the content or any services in the site. MODIFICATIONS OF TERMS OF USE Amendments to this agreement can be made and effected by us from time to time without specific notice to your end. Agreement posted on the Site reflects the latest agreement and you should carefully review the same before you use our site. USE OF THE SITE You are prohibited to do the following acts, to wit: (a) use our sites, including its services and or tools if you are not able to form legally binding contracts, are under the age of 18, or are temporarily or indefinitely suspended from using our sites, services, or tools (b) posting of an items in inappropriate category or areas on our sites and services; (c) collecting information about users’ personal information; (d) maneuvering the price of any item or interfere with other users' listings; (f) post false, inaccurate, misleading, defamatory, or libelous content; (g) take any action that may damage the rating system. Registration Information For you to complete the sign-up process in our site, you must provide your full legal name, current address, a valid email address, member name and any other information needed in order to complete the signup process. You must qualify that you are 18 years or older and must be responsible for keeping your password secure and be responsible for all activities and contents that are uploaded under your account. You must not transmit any worms or viruses or any code of a destructive nature. Any information provided by you or gathered by the site or third parties during any visit to the site shall be subject to the terms of businesslegions.com’s Privacy Policy. Term This Agreement will remain in full force and effect while you use the Website. You may terminate your membership at any time for any reason by following the instructions on the “TERMINATION OF ACCOUNT” in the setting page. We may terminate your membership for any reason at any time. If you are using a paid version of the Service and we terminate your membership in the Service because you have breached this Agreement, you will not be entitled to any refund of unused subscription fees. Even after your membership is terminated, certain sections of this Agreement will remain in effect. NON-COMMERCIAL USE BY MEMBERS. Members on this website are prohibited to use the services of the website in connection with any commercial endeavors or ventures. This includes providing links to other websites, whether deemed competitive to this website or not. Juridical persons or entities including but not limited to organizations, companies, and/or businesses may not become Members of businesslegions.com and should not use the site for any purpose. LINKs & FRAMINGS Illegal and/or unauthorized uses of the Services, including unauthorized framing of or linking to the Sites will be investigated, and appropriate legal action may be taken. Some links, however, are welcome to the site and you are allowed to establish hyperlink to appropriate part within the site provided that: (i) you post your link only within the forum, chat or message board section; (ii) you do not remove or obscure any advertisements, copyright notices or other notices on the placed at the site; and (iii) you immediately stop providing any links to the site on written notice from us. However, you must check the copyright notice on the homepage to which you wish to link to make sure that one of our content providers does not have its own policies regarding direct links to their content on our sites. WARRANTY DISCLAIMER AND EXCLUSIONS / LIMITATIONS OF LIABILITY We make no express or implied warranties or representations with respect to the Program or any products sold through the Program (including, without limitation, warranties of fitness, merchantability, non-infringement, or any implied warranties arising out of a course of performance, dealing, or trade usage). In addition, we make no representation that the operation of our site will be uninterrupted or error-free, and we will not be liable for the consequences of any interruptions or errors. We may change, restrict access to, suspend or discontinued the site or any part of it at anytime. The information, content and services on the site are provided on an “as is” basis. When you use the site and or participate therein, you understand and agree that you participate at your own risk. INTELLECTUAL PROPERTY rights You hereby acknowledge that all rights, titles and interests, including but not limited to rights covered by the Intellectual Property Rights, in and to the site, and that You will not acquire any right, title, or interest in or to the site except as expressly set forth in this Agreement. You will not modify, adapt, translate, prepare derivative works from, decompile, reverse engineer, disassemble or otherwise attempt to derive source code from any of our services, software, or documentation, or create or attempt to create a substitute or similar service or product through use of or access to the Program or proprietary information related thereto. Confidentiality You agree not to disclose information you obtain from us and or from our clients, advertisers, suppliers and forum members. All information submitted to by an end-user customer pursuant to a Program is proprietary information of businesslegions.com. Such customer information is confidential and may not be disclosed. Publisher agrees not to reproduce, disseminate, sell, distribute or commercially exploit any such proprietary information in any manner. NON-ASSIGNMENT OF RIGHTS Your rights of whatever nature cannot be assigned nor transferred to anybody, and any such attempt may result in termination of this Agreement, without liability to us. However, we may assign this Agreement to any person at any time without notice. Waiver Failure of the businesslegions.com to insist upon strict performance of any of the terms, conditions and covenants hereof shall not be deemed a relinquishment or waiver of any rights or remedy that the we may have, nor shall it be construed as a waiver of any subsequent breach of the terms, conditions or covenants hereof, which terms, conditions and covenants shall continue to be in full force and effect. Severability of Terms. In the event that any provision of these Terms and Conditions is found invalid or unenforceable pursuant to any judicial decree or decision, such provision shall be deemed to apply only to the maximum extent permitted by law, and the remainder of these Terms and Conditions shall remain valid and enforceable according to its terms. Entire Agreement This Agreement shall be governed by and construed in accordance with the substantive laws of Australia , without any reference to conflict-of-laws principles. The Agreement describes and encompasses the entire agreement between us and you, and supersedes all prior or contemporaneous agreements, representations, warranties and understandings with respect to the Site, the contents and materials provided by or through the Site, and the subject matter of this Agreement. Choice of Law; Jurisdiction; Forum Any dispute, controversy or difference which may arise between the parties out of, in relation to or in connection with this Agreement is hereby irrevocably submitted to the exclusive jurisdiction of the courts of Australia , to the exclusion of any other courts without giving effect to its conflict of laws provisions or your actual state or Australia of residence.

Enter Captcha :

Accept our terms

Marco / admin / 30 Nov

Writing day to day ramblings about making money, business, technology, sharing awesome deals and everything else that I know I'll forget. Follow my personal blog https://marcotran.com.au
I've recently also turned Vegan and started this website Veggie Meals - check it out
"When technology speaks for itself, that is art" - MT
Affiliate Compensated: there are some articles with links to products or services that I may receive a commission.

OTHER ARTICLES YOU MAY LIKE

USE FUSEBASE TO AUTOMATE TEAMWORK AND COLLABORATION

USE FUSEBASE TO AUTOMATE TEAMWORK AND COLLABORATION

If your business is growing, your team is juggling too many moving parts, and your client communication is spread across email threads, chat apps, documents, task boards, and endless follow ups, there is a good chance the real problem is not effort but fragmentation. Most businesses do not lose time because people are lazy. They […]

USING REAP FOR VIDEO CLIPS

USING REAP FOR VIDEO CLIPS

Short form video is now one of the most effective ways to reach new audiences, grow brand awareness, and turn long form content into a steady stream of social media assets. For creators, marketers, consultants, educators, and business owners, the challenge is rarely a lack of content. The real problem is time. Editing long videos […]