How to Install Let's Encrypt SSL on ServerPilot Free Plan

Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot.

Update: Article updated to address all the SSL bugs.

This method adds Let's Encrypt SSL to a WordPress site created with ServerPilot and hosted on DigitalOcean (it can be any VPS). ServerPilot offers automatic Let's Encrypt installation when you upgrade for $10 per month. The following script saves time and works with a free ServerPilot account. Let's see how to install SSL plus a cron job for auto-renewal.

Remember: If this article helped you, consider signing up using this link to DigitalOcean to get a $10 bonus for your droplet (that's about 2 months of free hosting). I spent about 5 days testing this, creating the script and adding every possible help with all the required resources.

I tested this on devendrameena.com, so at the start you can see that HTTPS is not enabled on the website.

Update: I moved this domain to blogger.

Important Notice

Create Droplet Snapshot: Visit your droplet > Snapshot and create a snapshot. It will take 5 minutes, and in case something goes wrong you can restore it with one click.

DNS: Visit your DNS management site and make sure you have added the DigitalOcean nameservers. If your domain's DNS is not pointing to your website, the Let's Encrypt verification will simply fail and you won't get SSL. So you need to ensure both the www and non-www domains point to your website.

Even though we tested everything before publishing this article, we take no responsibility for any problems you might face in the process. Do it at your own risk.
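As an added example (not part of the original article or the rwssl project), this pre-flight check confirms that both the bare and the www name resolve to the droplet before a certificate is requested. The function names are hypothetical, and the domain and IP in the usage comment are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example: DNS pre-flight check before requesting a certificate.
# Usage (placeholder values): sh dns-check.sh example.com 203.0.113.10

# resolve_a NAME -> prints the IPv4 addresses NAME resolves to, one per line.
# Uses dig when installed, otherwise falls back to the system resolver.
resolve_a() {
    if command -v dig >/dev/null 2>&1; then
        # +short can also print CNAME targets; keep only IPv4 addresses.
        dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
    else
        getent ahostsv4 "$1" | awk '{print $1}'
    fi
}

# check_domain DOMAIN SERVER_IP
# Returns 0 only if DOMAIN and www.DOMAIN both resolve to exactly SERVER_IP.
check_domain() {
    bad=0
    for host in "$1" "www.$1"; do
        ips=$(resolve_a "$host" | sort -u | tr '\n' ' ')
        ips=${ips% }    # drop the trailing space left by tr
        if [ "$ips" = "$2" ]; then
            echo "OK   $host -> $ips"
        else
            echo "FAIL $host -> '${ips:-no A record}' (expected $2)" >&2
            bad=1
        fi
    done
    return $bad
}

# Run the check only when a domain and an IP are given on the command line.
if [ $# -eq 2 ]; then
    check_domain "$1" "$2"
fi
```

A non-zero exit status means at least one of the two names does not point at the server yet, so the certificate request should wait.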

What Do you need?

1. PuTTY (to run SSH commands)

2. Droplet’s root password. (You can always reset it by going to DigitalOcean > Droplet > Access > Reset Root Password.) The same applies to other VPS providers.

3. appname is the name of the WordPress installation. Visit ServerPilot > Server > Apps and check the app name. See the screenshot below highlighting the app name.

Or log in with an SFTP client like Cyberduck and locate this directory to find the appname.

/srv/users/serverpilot/log/$appName/

Open SSH login to your Droplet

Open PuTTY, enter your droplet IP address and click the “Open” button. If you created an SSH key earlier, you don’t need to enter a password, but that is a step you should have done when creating the Droplet (DigitalOcean).

Type root when asked “login as”, and then your root password (it won’t show as you type; just type it and hit Enter). You can copy the password, right-click in the window to paste it, and press the Enter key to log in.

Installing LetsEncrypt Repository

Install pip and the build dependencies the script needs using this command.

apt-get update && \
apt-get -y install python3-pip build-essential libssl-dev libffi-dev python3-dev

Now enter the following command. This will install the script on your server.

pip3 install rwssl==2.0.4

If this worked, you should be able to use rwssl -h to bring up the menu.

Otherwise, use this to copy the repo to /usr/local/bin and make it executable. That’s it, no more code.

Note: Let’s Encrypt allows only 5 SSL certificates per domain per week. If you think you have already hit this limit, you have to wait for a week before using this method, or use a different domain or a subdomain of the domain you’re adding SSL for.

Install Letsencrypt SSL to Your Domain

Here are the simple steps to install SSL on your WordPress installation.

For main domains

Open SSH to your Droplet IP address using PuTTY and type the following command.

rwssl getcert --app foo

Remember to replace foo with your server app name.

Visit ServerPilot > Server > Apps and write down the app name.

More commands

| Command | Details | Examples |
|---|---|---|
| getcert | Get letsencrypt cert for an app. | rwssl getcert --app foo |
| getcerts | Get letsencrypt certs for all apps. | rwssl getcerts for all users apps or rwssl getcerts --user john for john’s apps |
| removecert | Uninstall SSL cert from an app. | rwssl removecert --app foo |
| removecerts | Uninstall SSL certs for all apps. | rwssl removecerts for all users apps or rwssl removecerts --user john for john’s apps |
| forcessl | Force SSL certificate for an app. | rwssl forcessl --app foo |
| unforcessl | Unforce SSL certificate for an app. | rwssl unforcessl --app foo |
| forceall | Force HTTPs for all apps. | rwssl forceall for all users apps or rwssl forceall --user john for john’s apps |
| unforceall | Unforce HTTPs for all apps. | rwssl unforceall for all users apps or rwssl unforceall --user john for john’s apps |

Copyright https://github.com/rehmatworks/serverpilot-letsencrypt

This is what it will look like.

Security Note: If you wonder why it didn’t ask for your email and agreement to the terms, as the default Let’s Encrypt installation does, I used this command to get past that.

// letsencrypt certonly --register-unsafely-without-email --agree-tos -d $domainName -d www.$domainName // Perhaps, It doesn't matter.

Uninstall SSL

rwssl removecert --app foo
rwssl removecerts --user john

Renew SSL Easily

You get SSL for 90 days, and after 60 days you can perform a manual renewal of SSL using these commands.

  1. sudo service nginx-sp stop # stops nginx so SSL can re-deploy
  2. letsencrypt renew # attempts to renew SSL
  3. sudo service nginx-sp start # starts nginx again
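The three steps above leave the site offline if the renewal in step 2 fails and step 3 is never typed. As an added example (not code from the article or from rwssl), this wrapper runs the same commands but always restarts nginx-sp and reports the renewal's exit status; the function name and the SERVICE_CMD and RENEW_CMD variables are hypothetical hooks introduced here.

```shell
#!/bin/sh
# Added example: manual renewal that never leaves nginx-sp stopped.
# The commands are the ones from the steps above. SERVICE_CMD and
# RENEW_CMD are hypothetical overrides so the logic can be dry-run.
SERVICE_CMD=${SERVICE_CMD:-"sudo service"}
RENEW_CMD=${RENEW_CMD:-"letsencrypt renew"}

# renew_certs -> 0 on success, the renewal's exit status if it failed,
# 2 if nginx-sp could not be stopped, 3 if it could not be restarted.
renew_certs() {
    renew_rc=0

    # Step 1: stop nginx. If that fails, nothing has changed, so abort.
    if ! $SERVICE_CMD nginx-sp stop; then
        echo "could not stop nginx-sp, renewal not attempted" >&2
        return 2
    fi

    # Step 2: attempt the renewal, recording the status instead of exiting.
    $RENEW_CMD || renew_rc=$?

    # Step 3: start nginx again whether or not the renewal worked.
    if ! $SERVICE_CMD nginx-sp start; then
        echo "nginx-sp did not restart, the site is down" >&2
        return 3
    fi

    if [ "$renew_rc" -ne 0 ]; then
        echo "renewal failed with status $renew_rc, nginx-sp restarted" >&2
    fi
    return "$renew_rc"
}

# Run only when asked to, e.g.: sh renew.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_certs
fi
```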

Any questions? Ask me in the comment section.

Htaccess Changes.

If your site runs at www

You may want to redirect http:// and https:// to the secure https://www version. To do so, add the following code to your .htaccess file.

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [L,R=301]

This will redirect http:// and https:// to the https://www version.

If your site runs at non-www

You might want to redirect http://, www and https://www to the secure https:// version. To do so, add the following code to your .htaccess file.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.quickfever\.com [NC]
RewriteRule ^(.*)$ https://quickfever.com/$1 [L,R=301]
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^(.*)$ "https\:\/\/example\.com\/$1" [R=301,L]
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{QUERY_STRING} ^m=1$
RewriteRule ^(.*)$ /$1? [R=301,L]

This will redirect everything to the https:// version.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
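To confirm that the rules above behave as described, the check below (an added example, not from the original article) requests each non-canonical variant once and verifies that it answers with a 301 pointing straight at the canonical https:// host. It assumes curl is installed; the function names are hypothetical and the hostnames in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: verify the .htaccess redirects after enabling SSL.
# Usage (placeholder hosts), canonical host first:
#   sh redirect-check.sh www.example.com example.com   # site runs at www
#   sh redirect-check.sh example.com www.example.com   # site runs at non-www

# probe URL -> prints "<status> <redirect target>" for one request,
# without following the redirect, using curl's --write-out variables.
probe() {
    curl -s -o /dev/null --max-time 10 \
         -w '%{http_code} %{redirect_url}' "$1"
}

# check_redirects CANONICAL_HOST OTHER_HOST
# Returns 0 only if every non-canonical variant answers with a permanent
# redirect (301) directly to https://CANONICAL_HOST/.
check_redirects() {
    want="https://$1/"
    failed=0
    for url in "http://$1/" "http://$2/" "https://$2/"; do
        got=$(probe "$url")
        if [ "$got" = "301 $want" ]; then
            echo "OK   $url -> $want"
        else
            # A 302 here means the rule used [R] without =301.
            echo "FAIL $url -> '$got' (expected 301 $want)" >&2
            failed=1
        fi
    done
    return $failed
}

# Run the check only when both hostnames are given on the command line.
if [ $# -eq 2 ]; then
    check_redirects "$1" "$2"
fi
```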

Ensuring you’ve got SSL

The crt.sh site also keeps track of the SSL certificates issued for your domain.

Further Note: I used devendrameena.com as a demo in the process, as it’s more of a personal site, I’ll move it back to blogger server.

Conclusion

If you’re using the Yoast SEO plugin and have enabled the sitemap, visit the sitemap page in the Yoast SEO settings and disable and re-enable it to force the sitemap to change from HTTP to HTTPS.

7 comments
    1. Hi Laura, I updated it to work with the latest scenario. But I suggest you move to CyberPanel, a more powerful service to make a WordPress blog, and SSL is 1 click too.

      1. It will be auto renewed, but you can renew manually by giving the “letsencrypt renew” command if SSL is expiring in the next 30 days or less.

          1. The script will add the cron job. You don’t have to manually renew.

            Or you can run “letsencrypt renew” anytime.
