Vicidial SSL

How to Enable SSL Certificate on VICIdial Cloud Server: Complete Guide

In today’s digital landscape, SSL certificates are no longer optional, they’re essential for any call center operation. Whether you’re running VICIdial on AWS or Azure through our marketplace images, this guide will walk you through enabling SSL encryption to protect your agents’ login credentials and customer data.

Why SSL Matters for Your VICIdial Call Center

Before diving into the technical steps, let’s understand why SSL is crucial for your VICIdial deployment:

  • Data Security: Encrypts all communication between agents and your VICIdial server
  • Browser Compatibility: Modern browsers flag non-SSL sites as “Not Secure”
  • Compliance: Many industries require encrypted connections for handling customer data
  • Professional Image: SSL certificates show your commitment to security
  • SEO Benefits: Google prioritizes secure sites in search rankings

Prerequisites

Before starting, ensure you have:

  • A VICIdial server deployed from Solve DevOps AWS Marketplace or Azure Marketplace
  • Root/SSH access to your server
  • A registered domain name pointing to your server’s IP address
  • Port 80 and 443 open in your security group/firewall

Quick Start Tip: If you haven’t deployed VICIdial yet, our marketplace images come pre-configured and can be up and running in just 5 minutes!

Step 1: Obtaining a Free SSL Certificate from Let’s Encrypt

Let’s Encrypt provides free SSL certificates that are trusted by all major browsers. Our AWS and Azure images comes prepackaged with Let’s Encrypt.

Generate Your SSL Certificate

Replace yoursite.com with your actual domain name:

certbot certonly --standalone -d yoursite.com -d www.yoursite.com

Important: Ensure Apache is temporarily stopped during this process:

systemctl stop httpd

Follow the prompts:

  1. Enter your email address for renewal notifications
  2. Agree to the terms of service
  3. Choose whether to share your email with EFF (optional)

Once complete, your certificates will be stored in:

  • Certificate: /etc/letsencrypt/live/yoursite.com/fullchain.pem
  • Private Key: /etc/letsencrypt/live/yoursite.com/privkey.pem

Don’t forget to restart Apache:

systemctl start httpd

Step 2: Configure Apache SSL Settings

Now, let’s configure Apache to use your new SSL certificate.

Edit the SSL Configuration File

Open the SSL configuration file:

nano /etc/httpd/conf.d/ssl.conf
Locate and update these lines (usually around line 100-120):
# Find these lines and update them:
SSLCertificateFile /etc/letsencrypt/live/yoursite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yoursite.com/privkey.pem

# Optional but recommended - add this line for better compatibility:
SSLCertificateChainFile /etc/letsencrypt/live/yoursite.com/chain.pem

Additional SSL Security Settings (optional)

While you’re in the ssl.conf file, consider adding these security enhancements:

apache# Modern SSL Protocol Support
SSLProtocol -all +TLSv1.2 +TLSv1.3

# Strong Cipher Suite
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

# Enable HSTS (optional but recommended)
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Save and exit the file (Ctrl+X, then Y, then Enter in nano).

Step 3: Set Up Automatic HTTP to HTTPS Redirect

To ensure all traffic uses SSL, create a redirect configuration:

Create the Redirect Configuration File

nano /etc/httpd/conf.d/vicidial-ssl-redirect.conf

Add the following content (replace yoursite.com with your domain):

<VirtualHost *:80>
ServerName yoursite.com
ServerAlias www.yoursite.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

This configuration will:

  • Listen on port 80 (standard HTTP)
  • Check if HTTPS is off
  • Redirect all traffic to HTTPS with a 301 (permanent) redirect
  • Preserve the full URL path during redirect

Save and exit the file.

Step 4: Test and Apply Your Configuration

Test Apache Configuration

Before restarting Apache, test your configuration:

apachectl configtest

You should see “Syntax OK”. If you see any errors, review your configuration files for typos.

Restart Apache

Apply your changes:

systemctl restart httpd

Verify SSL is Working

  1. Open your browser and navigate to https://yoursite.com
  2. Look for the padlock icon in the address bar
  3. Click on the padlock to view certificate details
  4. Test that HTTP redirects work by visiting http://yoursite.com

Step 5: Set Up Automatic Certificate Renewal

Let’s Encrypt certificates expire every 90 days. Set up automatic renewal:

Test Renewal Process

certbot renew --dry-run

Create Renewal Cron Job

Add a cron job for automatic renewal:

crontab -e

Add this line:

0 3 * * * /usr/bin/certbot renew --quiet --post-hook "systemctl restart httpd"

This runs daily at 3 AM and only renews when necessary.

Troubleshooting Common Issues

Certificate Not Showing Up

  • Ensure your domain DNS is properly configured
  • Check firewall rules for ports 80 and 443
  • Verify Apache is running: systemctl status httpd

Mixed Content Warnings

  • Update VICIdial system settings to use HTTPS URLs
  • Check custom scripts or integrations for hardcoded HTTP references

Renewal Failures

  • Ensure port 80 is accessible for Let’s Encrypt validation
  • Check that your domain still points to your server
  • Review renewal logs: journalctl -u certbot

Security Best Practices

  1. Regular Updates: Keep your VICIdial and OS packages updated
  2. Firewall Rules: Only open necessary ports
  3. Strong Passwords: Use complex passwords for all VICIdial users
  4. Regular Backups: Backup your SSL certificates and VICIdial data
  5. Monitor Access: Review Apache logs regularly

Ready to Deploy Your Secure VICIdial Call Center?

Now that you understand how to secure VICIdial with SSL, why not get started with your own deployment? Our pre-configured VICIdial images on AWS and Azure Marketplace make it incredibly easy:

🚀 Deploy VICIdial in Just 5 Minutes!

Choose Your Platform:

Why Choose Solve DevOps VICIdial Images?

One-Click Deployment – No complex installation procedures
Pre-Optimized – Configured for cloud performance out of the box
Regular Updates – We maintain and patch the images regularly
Expert Support – Get help when you need it
Cost-Effective – No per-agent licensing fees
Scalable – Easily resize your instance as you grow

What’s Included:

  • Latest stable VICIdial version
  • Optimized Apache and MySQL configurations
  • Security hardening applied
  • Timezone configuration script included
  • Web-based administration interface
  • Complete documentation

Get Started Today!

  1. Click on your preferred platform above
  2. Launch the instance with your desired specifications
  3. Follow this SSL guide to secure your deployment
  4. Start making calls!

Pro Tip: Our support team is available to help you with SSL setup and any other configuration needs. Just reach out after launching your instance!

Conclusion

Securing your VICIdial deployment with SSL is a crucial step in protecting your call center operations. With this guide and our marketplace images, you can have a secure, professional call center solution running in under an hour.

Remember, SSL is just one part of a comprehensive security strategy. Combined with our pre-hardened VICIdial images and regular updates, you’ll have a robust platform for your call center operations.