Set up SSL with Let's Encrypt¶
Let's Encrypt is a Certificate Authority (CA) that provides free, automated, and open security certificates. It enables website owners to get security certificates within minutes, and leads to a safer web experience for everyone.
Apply for SSL via Let's Encrypt¶
Note
You may want to get your valid domain and server set up before applying for your certificate.
- Visit certbot (a Let's Encrypt client). Choose
None of the above
for Software and choose your OS for System. We will useCentOS/RHEL 7
as an example. - Certbot will bring up some instructions specific to your OS. For CentOS7 we will run the following commands:
yum install certbot certbot certonly
- Enter your email, domain and valid web root, e.g.
/usr/local/lsws/DEFAULT/html/
. - If your application is a success, you should see
Congratulations!
- Verify your certificate files exist:
ll /etc/letsencrypt/YOUR_DOMAIN/
- You should see the following files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
Set up SSL on LSWS¶
Navigate to LiteSpeed Web Server Web Admin > Configuration > Listeners > SSL
There are two methods you can choose from: with fullchain, and without.
With fullchain¶
- Private Key File:
/etc/letsencrypt/live/Your_Domain/privkey.pem
- Certificate File:
/etc/letsencrypt/live/Your_Domain/fullchain.pem
- Chained Certificate:
Yes
- CA Certificate Path:
- CA Certificate File:
Without fullchain¶
- Private Key File:
/etc/letsencrypt/live/Your_Domain/privkey.pem
- Certificate File:
/etc/letsencrypt/live/Your_Domain/cert.pem
- Chained Certificate:
No
- CA Certificate Path:
- CA Certificate File:
/etc/letsencrypt/live/Your_Domain/chain.pem
Verify SSL is Working¶
Online SSL Testing Tool¶
Use ssllabs's testing tool.
Simple Browser Check¶
The exact mechanism depends on your browser, but you should be able to click an icon next to the URL to get site information, including connection security.
You can usually also click on the padlock or similar icon to get more information about the connection.