We continue with the series of articles on building WordPress websites on OpenLiteSpeed web server.
In the previous post you completed the WordPress installation .
Next mission:
We will install and configure the Let’s Encrypt SSL certificate in OpenLiteSpeed.
These days the importance of SSL certificates is not in dispute.
If you’re building a website from scratch, installing a free SSL certificate like Let’s Encrypt is almost a must.
Contents
Install Certbot
The easy way to install Let’s Encrypt certificate on VPS is to use Certbot Client.
On CentOS 7, Certbot is available at the EPEL Repository. You just need to enable it with the following command:
|
1
|
rpm –ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
Ubuntu you need to configure Certbot PPA with the following command:
|
1
2
3
4
|
apt–get update
apt–get install software–properties–common
add–apt–repository ppa:certbot/certbot
apt–get update
|
You can now install Certbot
CentOS:
|
1
|
yum install certbot
|
Ubuntu:
|
1
|
apt–get install certbot
|
Create a Let’s Encrypt certificate for your domain
You create a Let’s Encrypt certificate for your domain with the following command:
|
1
|
certbot certonly —webroot –w /usr/local/lsws/elegantjava.info/html/ –d elegantjava.info –d www.elegantjava.info
|
Enter your email address and answer when the script asks as follows:
You will see a list of pem files located in the directory /etc/letsencrypt/live/your_domain/
cert.pem – SSL certificate of your domain
chain.pem – CA certificate
fullchain.pem – Combined certificate, includes domain and CA certificate.
privkey.pem – Private key
You will need to provide the path to the fullchain.pem and privkey.pem files in the OpenLiteSpeed configuration.
Configure Let’s Encrypt SSL in OpenLiteSpeed
As usual visit WebAdmin: http://your_ip_address:7080/
Go to Listeners and click the Add button to add a new listener:
Enter the Listener Name, Port, Secure information as below:
Click the Save button to save the configuration. Still in the Listener you just created. Click the General Tab. Click the Add button in Virtual Host Mappings .
Map virtual host with your domain:
Click the Save button to save the configuration. Then switch to the SSL tab. Click the Edit button in the SSL Private Key & Certificate section .
Enter the path for the private key and certificate file as follows:
| Private Key File | /etc/letsencrypt/live/elegantjava.info/privkey.pem |
| Certificate File | /etc/letsencrypt/live/elegantjava.info/fullchain.pem |
Click the Save button. Click the Edit button in the SSL Protocol section.
Select all protocols except SSL v3.0 as below. Then click the Save button.
Restart OpenLiteSpeed by clicking the Graceful Restart button.
At Dashboard make sure that the listener you just created has run successfully as below: (blue icon)
In WordPress, you install and activate Really Simple SSL .
Now we test the certificate again with the SSL Lab Server Test.
OpenLiteSpeed supports the trendy HTTP/2 protocol. But still want to double check to be sure. As you can see below, your website is running over HTTP/2 protocol.
Renew Let’s Encrypt certificate
As you know Let’s Encrypt certificate expires after 90 days. You need to create an auto-renew cron job like this:
Note: if you get the error nano command not found. You just need to install nano editor (CentOS: yum install nano, Ubuntu: apt-get install nano)
|
1
|
export VISUAL=nano; crontab –e
|
Paste the following line at the end of the file.
|
1
|
15 3 * * * /usr/bin/certbot renew —quiet
|
Run the renewal order at 3:15 am. If the certificate has not expired it does nothing.
You see, installing and configuring the Let’s Encrypt certificate is not too complicated.
If you have any problems, leave a comment below.
