Let's Encrypt ESXi VPS

From Comprofix
Revision as of 16:15, 21 May 2018 by Mmckinnon (talk | contribs)
Jump to: navigation, search

Manually Update Certificates

Generating the Certificate


  • Open a Command Prompt
  • Change to your OpenSSL Folder
cd \OpenSSL\bin
  • Copy and paste your generated command from above


  • Open Your Key File in Notepad
  • Visit https://zerossl.com/free-ssl/#crt
  • Copy and paste the contents of your Key file you have open in Notepad into the CSR section
  • Accept ZeroSSL TOS and Accept Let’s Encrypt SA and click Next


  • This will generate a RSA for LetsEncrypt
  • Download a copy of your Generated RSA Key. We don’t need this at this time, but we need to download it to continue.
  • Select DNS verification and Click Next
  • Update your DNS TXT records with the information provided.
  • Once DNS has been updated Click Next
  • The certificate will be generated. Download the certificate – domain-crt.txt

Upload your Certificate to ESXi

  • Now you should have two files required for ESXi. esxi_comprofix_com.key file (name depends on what you used in the CSR command) and a domain-crt.txt which is the certificate.
  • Rename your key file to rui.key
  • Rename domain-crt.txt to rui.crt
  • Connect to your ESXi Machine and shutdown any running VMs
  • Put the ESXi Machine into “Maintenance Mode”
  • Enable SSH on your ESXi VPS
  • Download and Install WinSCP – https://winscp.net/eng/download.php
  • Open WinSCP and connect to your ESXi Machine
  • Navigate to the Folder /etc/vmware/ssl
  • Rename the file /etc/vmware/ssl/rui.key to /etc/vmware/ssl/rui.key.bak
  • Rename the file /etc/vmware/ssl/rui.crt to /etc/vmware/ssl/rui.key.crt
  • Upload your rui.key and rui.crt file to /etc/vmware/ssl
  • Download the Putty SSH Client – http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  • Connect to your ESXi machine using Putty
  • Run the command – services.sh restart


  • This will restart the ESXi Services
  • Take you ESXi Machine out of “Maintenance Mode”
  • Open a Web Browser and visit your ESXi VPS Domain Name that you created.


Congratulations you should now have a Secured SSL Certificate on your ESXi VPS

Automatically update Certificates

This is a work in progress. Currently this is just notes. Use at your own risk