VHost Templates with SSL certificates


I have a Template set up and in the "SSL -> Private Key File" section I have /etc/ssl/$VH_NAME/privkey.pem and added a member virtual host but the default SSL certificate applied from the SSL listener always comes up. Is it possible to use $VH_NAME (or $VH_DOMAIN) as part of a "Private Key File" entry in a template?

If not then what is the best practice for applying "dynamic" SSL certificates per member vhost when using VHost Templates?

The only thing I can think of is to use dedicated vhost entries with a hard-wired path to the certificates but then what is the point of using templates if you can't "dynamically" declare a different certificate per vhost?



Virtual host or template should be able to overwrite the listener's certificate. Can you try restarting the web server and check it again in an incognito browser?


Yes, a "Virtual Hosts" entry will override the listeners' certificate but, so far, I can't get a templated vhost member to pick up the $VH_NAME defined certificate paths. The Templates -> Member Virtual Hosts -> SSL -> Private Key File (for example) of /etc/ssl/$VH_NAME/privkey.pem should work, I would expect, unless using $VH_NAME is not allowed for that setting?

For Nginx, all certificate paths have to be hardwired (using config vars won't work) because the certificates need to be available at the beginning of the https request before SNI/vhost magic can work and figure out which vhost is involved. If the same situation exists for OpenLiteSpeed then I can understand why it might not work but then this would render the entire vhost template concept useless for https vhosts.

EDIT: in conf/httpd_config.conf, this does not work but if I uncomment the hardwired example.com lines then it does work. So a $VH_NAME variable does not work in a Listeners SSL config. I know this is not the Template config. I just wanted to confirm this point for a listener one way or another.

```
serverName                example.com
listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /etc/ssl/$VH_NAME/privkey.pem
  certFile                /etc/ssl/$VH_NAME/fullchain.pem
#  keyFile                 /etc/ssl/example.com/privkey.pem
#  certFile                /etc/ssl/example.com/fullchain.pem
  certChain               1
}
```

Doh! This works, even when using only Member Virtual Hosts -> Virtual Host Name with an empty Domain Name column...

```
  keyFile                 /etc/ssl/$VH_DOMAIN/privkey.pem
  certFile                /etc/ssl/$VH_DOMAIN/fullchain.pem
```
I just tested ACME cert apply and set `/root/.acme.sh/certs/$VH_NAME/$VH_NAME.key` in the template and it works.

Is that definitely in one of your template config files?

```
~ grep -A4 vhssl /usr/local/lsws/conf/templates/vhosts.conf
  vhssl  {
    keyFile               /etc/ssl/$VH_DOMAIN/privkey.pem
    certFile              /etc/ssl/$VH_DOMAIN/fullchain.pem
    certChain             1
```

If I use $VH_NAME instead of $VH_DOMAIN above then SSL for the member vhost entries does not work for me.
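A pre-flight check for the template paths discussed above, added here as an example and not part of the original thread or of OpenLiteSpeed: it expands `$VH_NAME` and `$VH_DOMAIN` for each member vhost and reports missing files, a private key accessible to group/other, or a cert/key pair that will not load. The function names and the member list are hypothetical, and it assumes the server substitutes the member's name or domain literally into the path.

```python
import os
import ssl
import stat
from string import Template


def expand(path_tpl, vh_name, vh_domain):
    # Assumption: the variables are replaced literally with the member's values.
    return Template(path_tpl).safe_substitute(VH_NAME=vh_name, VH_DOMAIN=vh_domain)


def check_member(vh_name, vh_domain, key_tpl, cert_tpl):
    """Return a list of problems for one member vhost (empty list means OK)."""
    key = expand(key_tpl, vh_name, vh_domain)
    cert = expand(cert_tpl, vh_name, vh_domain)
    problems = [f"missing: {p}" for p in (key, cert) if not os.path.isfile(p)]
    if problems:
        return problems
    # A private key should only be accessible to its owner.
    if stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"key accessible by group/other: {key}")
    try:
        # load_cert_chain() also fails when the key does not match the cert.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"cert/key pair rejected: {cert} ({exc})")
    return problems


if __name__ == "__main__":
    # Constructed member list: (virtual host name, domain)
    members = [("example.com", "example.com"), ("shop", "shop.example.com")]
    for var in ("$VH_NAME", "$VH_DOMAIN"):
        for name, domain in members:
            issues = check_member(name, domain,
                                  f"/etc/ssl/{var}/privkey.pem",
                                  f"/etc/ssl/{var}/fullchain.pem")
            print(var, name, issues or "OK")
```

When a member's virtual host name differs from its domain, the two variables point at different directories, so running the check with both shows which directory layout the certificates on disk actually follow.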


Hi, I am also having a problem putting a relative path in the SSL on the listener section. I can have it at the vhost level of the SSL, but not at the listener; I had to put the full path of the cert/key files. Can anyone assist?