User

Issuing SSL Certificates

How to issue a Let's Encrypt SSL certificate for a domain in Opterius Panel.

Last updated 1775606400

Opterius issues free Let's Encrypt certificates with one click. Before you start, make sure your domain's DNS is pointing at this server — Let's Encrypt verifies domain ownership via an HTTP challenge.

Prerequisites

  • The domain's A record must point to this server's IP
  • Port 80 must be open and reachable from the internet
  • DNS must have propagated (use dig domain.com A to verify)

Issuing a Certificate

  1. In Hosting Mode, go to SSL
  2. Find the domain you want to secure
  3. Click Issue Certificate
  4. Wait for completion — typically 5–15 seconds

When successful, the domain's Nginx vhost is updated to:

  • Serve HTTPS on port 443 with the new certificate
  • Redirect all HTTP traffic (port 80) to HTTPS automatically

The certificate covers both domain.com and www.domain.com.

Issuing for Subdomains

Each subdomain needs its own certificate. Go to SSL, find the subdomain in the list, and click Issue Certificate. Each subdomain must have its own A record pointing to the server.

Issuing Multiple Certificates at Once (Admin)

In Server Mode, go to SSL Overview. This page shows all domains and their SSL status across all accounts. Use the Issue All Missing button to queue certificate issuance for all domains that don't have a valid certificate. Certbot runs in the background for each domain concurrently.

Certificate Status

Status Meaning
Active Certificate is valid
Expiring soon Expires within 30 days — renewal will happen automatically
Expired Certificate has expired — re-issue manually
Pending Issuance in progress
Failed Issuance failed — click to see the error
None No certificate issued yet

Common Failure Reasons

"Domain does not resolve to this server" — The domain's A record points to a different IP. Update DNS and wait for propagation.

"Too many certificates already issued for this domain" — Let's Encrypt rate-limits to 5 certificates per domain per week. Wait, or use a custom certificate. See Custom Certificates.

"Connection refused / timeout" — Port 80 is blocked. Check your firewall: ufw status or check your cloud provider's firewall settings.

See Troubleshooting SSL for a full list.

Next Steps

Previous
← How Auto-SSL Works
Next
Renewing Certificates →