Install PHP 7 on CentOS VestaCP

To install PHP 7. you need to first enable epel and remi repo.

Remove existing PHP

Install PHP 7.3

start php-fpm

Set php 7.3 as default PHP for cli

Restart apache

VestaCP Update

To update VestaCP server, run


CentOS 7 VestaCP Upgrade PHP to 7.x

On CentOS 7 VestaCP install PHP 5.6 by default. This is very old version of PHP. To upgrade PHP to latest version 7.x, you can install remi repo.

Install EPEL repo

Install yum-utils

Install remi repo

Select PHP version you need

Here i selected PHP 7.3. You can select differnt PHP versions with commands like.

Make sure you only enable one PHP version. If you enabled a PHP version from remi repo, disable it with

Once you have desired version enabled, run yum upgrade

Or only for PHP, run

VestaCP Free Hosting Control Panel

VestaCP SSL for mail server

VestaCP install self signed SSL for mail server by default. To install valid SSL, login to VestCP, go to sites. You will see a site with your sites hostname. If you don’t see it, create a site with your server hostname. Make sure DNS edited so hostname resolve to server IP. Now you should be able to get free LetsEncrypt SSL for this site.

if you check Apache Virtual Host for the site, you will see someting like

In VeataCP the config files for exim and dovecot located at

These configs use SSL located at /usr/local/vesta/ssl/certificate.crt and /usr/local/vesta/ssl/certificate.key.

To use the FREE SSL, create a bash script.


make the file executable

Run the script

Now SSL will work for mail server and VestaCP. To access VestaCP, use

Verify Mail Server SSL

You can view mail server SSL with command

Replace HOSTNAME with actual hostname of your server.

Auto Renew SSL

LetsEncrypt SSL expire every 90 days. So we will create a cronjob to auto renew SSL. Ff you have a paid SSL, you don’t need this cronjob

Create a cronjob with


Related Posts

VestaCP Free Hosting Control Panel

VestaCP Free Hosting Control Panel

VestaCP Installer Compromised

VestaCP Free Hosting control panel compromised again. Hackers where able to get access to VestaCP infrastcuture server, allowing them to modify installation script, so it sent root password of servers to hacker.

Here is post from VestaCP on their forum

I’m sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understand the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect.

The issue number one

Our infrastructure server was hacked. Presumably using API bug in the release 0.9.8-20. The hackers then changed all installation scripts to log admin password and ip as addition to the distro name we used to collect stats.

Please check if your server IP here

If it’s there you should change admin passwords as soon as possible. Also please make sure there is no /usr/bin/dhcprenew binary installed on your server. This binary is some sort of trojan that is able to launch remote DDoS attack or open shell to your server

For more information, see

VestaCP Free Hosting Control Panel

VestaCP Zero-day exploit

On 07 April 2018, many servers using VestaCP got hacked. Hacker was able to get root acceess on these servers.

VestaCP Free Hosting Control Panel

Hacker installed some trojan software known as Chinese Chicken that is used to DDoS other servers.

To see if your server is hacked, check if file /etc/cron.hourly/ is present in your server.

You can read more about this DDoS Trojan at

If you are running VestaCP, stop it until a solution for this exploit is released.

You can find discussion on this exploit on VestaCP form

Once server is rooted, it is better to take backup of all your data and restore OS.