How to install SSL on ServerPilot

If you have installed WordPress with ServerPilot, and you want to install Comodo Positive SSL on ServerPilot, here is a step by step guide to help you. This tutorial is for root domain user, and you might not be able to do the same if you have a subdomain.

Installing an SSL is not mandatory if you have a general website or personal blog. However, a few months back, Google acknowledged that they use SSL or HTTPS as a ranking factor. Hence, if you want to get a little bit more exposure in the eyes of the giant search engine, installing SSL can help you a bit.

Google Chrome has started showing a “Not Secure” tag in the address bar if a website doesn’t have SSL or HTTPS – and so, it may damage the user experience if you do not install SSL.

ServerPilot is a helping hand if you use unmanaged VPS. You will be able to install WordPress in a very easy way. This online tool allows users to install SSL. However, that is a free and shared SSL. If you do not want to use a shared SSL certificate for your website and you want to install Positive SSL on ServerPilot, this is the guide you need.

Install SSL on ServerPilot

To install SSL on your domain, you need a few things:

  • Cyberduck
  • Putty (You can download from official website)
  • SSL certificate from a reliable source
  • CSR
  • Private key
  • Server IP address
  • Root password

First, you need to obtain the Positive SSL certificate for your domain. For that, you can head over to the website from where you purchase the SSL and issue a certificate for your domain. During that period, you need to generate CSR. You can visit this website to make a CSR for your domain.

During the CSR generation, you should enter WWW.YOUR-DOMAIN.COM if your site URL is http://www.your-domain.com. If your site URL is http://your-domain.com, you have to enter YOUR-DOMAIN.COM. They provide SSL only for one version of your site URL (with or without WWW).

Also, you will get two things, i.e., CSR and Private Key. You must have to make a copy of these two things. Also, make sure they are separate files. For CSR, you should get the starting and ending tags like this-

-----BEGIN CERTIFICATE REQUEST-----
Some random unique characters
-----END CERTIFICATE REQUEST-----

For Private key, you will get the tags like this-

-----BEGIN PRIVATE KEY-----
Some random unique characters
-----END PRIVATE KEY-----

Save the CSR with .csr extension and save the Private key with .key extension.

After the domain verification, most of the SSL certificate issuers send the certificate files via email. You should get a zip file that contains these files-

  • www_domain-name_com.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • COMODORSAAddTrustCA.crt
  • AddTrustExternalCARoot.crt

After having them all, open Putty and log into your server. You can find a window like this-

Enter the IP address, use 22 as Port and hit the Enter button. Therefore, you need to user “root” as username and the root password. After that, enter this command-

cd /etc/nginx-sp
mkdir certs
cd certs
mkdir your-domain.com
cd your-domain.com

In this folder, upload these following files-

  • CSR
  • Private Key
  • www_domain-name_com.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • COMODORSAAddTrustCA.crt
  • AddTrustExternalCARoot.crt

You can use Cyberduck to upload all the files.

Following that, enter this command in Putty-

cat www_domain-name_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> chain.crt

In some cases, the SSL provider can send only two files:

  1. www_domain-name_com.ca-bundle
  2. www.domain-name_com.crt

The .ca-bundle is nothing but a consolidated file of other three files as mentioned above. If you received these files instead of four certificate files, you need to upload these two in the your-domain.com folder.

Following that, you can enter this command in Putty-

cat www.domain-name_com.crt www_domain-name_com.ca-bundle >> chain.crt

After that, enter this command-

cd /etc/nginx-sp/vhosts.d/app-name.d

Do not forget to change the app-name.d with your app name. In the app-name.d directory, create a file and name it ssl.conf. Open up this file with Notepad or any other text editor and enter these lines of code-

listen  443 ssl;
listen [::]:443 ssl;
ssl_certificate         /etc/nginx-sp/certs/your-domain.com/chain.crt;
ssl_certificate_key     /etc/nginx-sp/certs/your-domain.com/private.key;
ssl_session_cache       shared:SSL:20m;
ssl_session_timeout     10m;
ssl_prefer_server_ciphers       on;
ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers                     EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH!aNULL:!MD5:!DSS;
ssl_stapling            on;
ssl_stapling_verify     on;
ssl_trusted_certificate /etc/nginx-sp/certs/ your-domain.com/www_domain-name_com.crt;
set $ssl_status off;
if ($scheme = "https") {
set $ssl_status on;
}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl_status;

Do not forget to replace the given file names with your own file names.

After that, create another file in the same directory and name it off.nossl_conf. Open up this file with any text editor and add this:

if ($scheme !="https"){
return 301 https://$server_name$request_uri;
}

Now enter this command in Putty-

nginx-sp -t

It should show a success message like this-

install Positive SSL on ServerPilot

If it shows a success message, you need to restart Nginx. For that, enter this command-

service nginx-sp restart

Now, you should check whether your SSL has been installed successfully or not. There is an online tool called SSL Checker. You can visit the website and enter your domain name. You should get a message like this-

install SSL on ServerPilot

Now, you need to make all the redirections. For instance, you need to redirect from http to https. If you have already added the website in Google or Bing Webmaster Tools or Search Engine Console before installing the SSL, you need to verify your website there too. On the other hand, you need to make all the changes in various social networking platforms like Facebook, Twitter, etc.

Get HTTPS with WWW

You need to enter this in the htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^your-domain.com [NC]
RewriteRule ^(.*)$ http://www.your-domain.com/$1 [L,R=301,NC]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.your-domain.com/$1 [R,L]

Get HTTPS without WWW

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www. your-domain.com [NC]
RewriteRule ^(.*)$ http:// your-domain.com/$1 [L,R=301]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://your-domain.com/$1 [R,L]

In case nothing is working, you can install this WordPress plugin called Really Simple SSL on your WordPress site.

Now you can keep using your website with HTTPS. Hope this guide would be helpful for you.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by on , in Category General with Tags
Sudip is a student who loves to engage with the latest technology & gadgets. Apart from writing about all things technology, he is a Photoshop junkie and a football enthusiast.

One Comment

  1. Hello Francisco. Yes, it is quite different than other cases. For example, it requires only a couple of commands to install Let’s Encrypt SSL. However, in ServerPilot, you have to go through all those steps to install SSL. That is a downside of ServerPilot since people use ServerPilot to manage apps easily and save time. But at the same time, they need to spend comparatively more time to install the third-party SSL. Thing is it is a one-time job.

Leave a Reply

Your email address will not be published. Required fields are marked *


4 + 5 =