OPT LETSHTTPS

Setting up an SSL certificate enables HTTPS on the web server, which secures the traffic between the server and the clients connecting to it. Certbot is a free and automated way to set up SSL certificates on a server.

Step 1. Register Domain¶

To use Certbot, you’ll need a registered domain name and DNS records:

An A record from the domain (e.g., example.com) to the server’s IP address
An A record from the domain prefaced with www (e.g., www.example.com) to the server’s IP address.

Step 2. Add Domain to Listener¶

Navigate to OpenLiteSpeed WebAdmin Console > Listeners, and add Your Domain to HTTP/HTTPS.

Step 3. Certbot¶

Once the DNS records are set up, you can generate the SSL certificate. Be sure to substitute the correct domain name in the following command:

certbot certonly --webroot -w /var/www/html/ -d example.com -d www.example.com

If certificate verification is a success, you should find your certificate files stored in /etc/letsencrypt/

Step 4. Set SSL for HTTPS¶

Navigate to OpenLiteSpeed WebAdmin Console > Listeners > SSL, and edit the following three items:

Private Key File = /etc/letsencrypt/live/example.com/privkey.pem
Certificate File = /etc/letsencrypt/live/example.com/fullchain.pem
Chained Certificate = Yes

Save and perform a Graceful Restart.

Now your server should support TLS1.1, TLS 1.2, and TLS 1.3.

Step 5. Redirect HTTP to HTTPS¶

HTTPS traffic on port 443 is already allowed through the firewall. After you set up HTTPS, you can optionally rewrite all HTTP traffic to HTTPS.

Add the following rules to OpenLiteSpeed WebAdmin Console > Virtual Hosts > Rewrite > Rewrite Rules

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]