Free SSL on ServerPilot Free Plan

Edited on: 20th March, 2018.

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG)

0
290
free ssl word press server pilot

In this post you will learn how to install Free SSL certificate (Let’s Encrypt) on your ServerPilot Free plan.

Before I start with this tutorial I just want to say that ServerPilot is great, and I approve everything they do but one: charging $10/month for SSL. I wouldn’t mind that if we’re talking about some paid certificate, but they are providing you with Let’s Encrypt, which is free for everyone. I only approve paying a one-time fee for the setup, but not $10/month.

Anyhow, let’s start: To install Let’s Encrypt on your ServerPilot Free Plan you’ll need to start the terminal to ssh to the server.
Make sure you have root access
type:
sudo su root
Then run this command to clone the reposity:
sudo git clone https://github.com/certbot/certbot
The repository will be cloned to “certbot” folder, therefore we need to navigate to it before going any fruther:
cd certbot

At this point you will tell the certbot to generate certificate for your domain:
./certbot-auto certonly --webroot --webroot-path /srv/users/serverpilot/apps/yourappname/public --renew-by-default --email youremail@domain.com --text --agree-tos -d yourdomain.com
To add additional subdomains, just add at the end -d subdomain.domain.com
At this point your new SSL is ready to be used, all you need to do now is to edit your ssl configuration file:
cd /etc/nginx-sp/vhosts.d
then edit it inside console window by using:
sudo nano appname.ssl.conf
..or you can use FileZilla and navigate there, edit the .conf file normally, using an GUI editor like notepad or notepad++.
Put this inside, but make sure to add correct paths:


server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.com;
 
    ssl on;
 
    # letsencrypt certificates
    ssl_certificate      /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/domain.com/privkey.pem;
 
        #SSL Optimization
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;
 
        # modern configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
 
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; 
 
        # OCSP stapling 
        ssl_stapling on; 
        ssl_stapling_verify on; 
 
        # verify chain of trust of OCSP response 
        ssl_trusted_certificate /etc/letsencrypt/.../chain.pem;
 
        #root directory and logfiles 
        root /srv/users/serverpilot/apps/..../public; 
 
        
 
        access_log /srv/users/serverpilot/log/.../appname_nginx.access.log main; 
        error_log /srv/users/serverpilot/log/.../appname_nginx.error.log; 
 
        #proxyset 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on; 
        proxy_set_header X-Forwarded-Proto $scheme; 
 
        #includes 
        include /etc/nginx-sp/vhosts.d/appname.d/*.nonssl_conf; 
        include /etc/nginx-sp/vhosts.d/appname.d/*.conf; 
}

service nginx-sp restart

Voila! Your website is running on https. Try it out.

Oh! When the time comes to renew all your certificates, just run this:
– navigate to “certbot” folder:
cd certbot

Then renew the certificates:
./certbot-auto renew

Cheers

Leave a reply

Please enter your comment!
Please enter your name here