Install Let’s Encrypt SSL on ServerPilot Free Plan

Works with Digitalocean, Vultr and all other VPS.

Automate the installation of Let’s Encrypt SSL on free plan of ServerPilot.

This method adds Let’s encrypt SSL to your WordPress site created using Serverpilot and hosted on Digitalocean (can be any VPS). ServerPilot offers auto installation of Let’s encrypt when you upgrade with $10 per month. The following script saves time and works with free serverpilot account. Let’s see how to install SSL + a cornjob for auto-renew purpose.

Remember: If this article helped you, consider signup using this link to DigitalOcean to get $10 bonus for your droplet, (that’s about 2 month of free hosting). I spent about 5 days to test this, created script and added every possible help with all the required resources.

I tested this on devendrameena.com, So in the starting, you can see that the https is not enabled on the website.

Update: I moved this domain to blogger.

Important Notice

Create Droplet Snapshot: Visit your droplet > Snapshot and create a snapshot, will take 5-minutes, in case something goes wrong, you can restore it with one click.

DNS: Visit you DNS management site, and make sure to you have added Digitalocean nameserver. If your domain name DNS is not pointing to your website, simply the Lets Encrypt verification will fail and you won’t get SSL. So you need to ensure both www and non www domain points to your website.

Even though we tested all the things before publishing this article, we take no responsibility whatsoever you might face in the process. Do it at your own risk.

What Do you need?

1. Putty (To give ssh command)

2. Droplet’s root password. (You can always reset going to DigitalOcean > Droplet > Access > Reset Root Password). Similiar to other VPS.

3. “appname” Appname is the name of the WordPress (other app) installation. Visit serverpilot > Server > Apps and check app name. See the screenshot below highlighting the app name.

Or use an SFTP client like Cyberduck and log in and locate this to find the appname.

/srv/users/serverpilot/log/$appName/

Open SSH login to your Droplet

Open Putty, enter your droplet’s IP address and click on “Open” button. If you created SSH secrete key earlier, you don’t need to enter a password but that’s the step you should have done when creating Droplet (DigitalOcean).

Type “root” when asked login as. And then your root password (it won’t show just type and hit enter). You can copy the password and then right-click on the windows and press the enter key to login.

Installing Let’s Encrypt Repository

If git isn’t installed on your droplet, install it using this command, this will also get letsencrypt lib.

sudo apt-get -y install git

Clone the repo to your server using the following code. This will copy the script to your server and will execute it.

git clone https://github.com/quickfever/letsencrypt-serverpilot-free.git && cd serverpilot-letsencrypt-free && sudo mv sple.sh /usr/local/bin/qfssl && sudo chmod +x /usr/local/bin/qfssl && (crontab -l ; echo “@monthly \”sudo service nginx-sp stop && yes | letsencrypt –standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload\””)| crontab – && service cron reload

// The repo will be copied to your system under **/usr/local/bin** and will be made executable. And you don’t need to do anything 🙂

Note: Let’s encrypt allow only 5 SSL certificates per domain per week. If you think you already made this mistake, you’ve to wait for a week before using this method or use a different domain or subdomain of the domain you’re adding SSL for.

Install Letsencrypt SSL to Your Domain

Here are the simple steps to install SSL on your WordPress installation.

For main domains

Open SSh to your Droplet IP address using Putty and type the following commands.

qfssl

install

$example.com$

$app-name$

main

Details of these commands.

Visit serverpilot > Server > App, write down the app name, now type the following command in the putty and hit enter.

qfssl

Type install to run the script or uninstall to remove an existing SSL.

After you run install or uninstall command. Type the domain name. Don’t include HTTP/www/or any trailing slash.

example.com

Now type app name (you can find this on Serverpilot dashboard).

qapp_name

Choose if it’s a main domain or subdomain. Main will deploy SSL your www and non www domain. The Sub will deploy SSL for subdomain.

main

or

sub

Note: Either if your site is www or naked, use main command to deploy SSL for example.com and www.example.com

Note 2: Replace example.com and app_name with your domain and WordPress installation app name.

Security Note: If you wonder why it didn’t ask for your email and agree to terms as Default let’s encrypt installation asks so, I used this command to get past that.

// letsencrypt certonly –register-unsafely-without-email –agree-tos -d $domainName -d www.$domainName // Perhaps, It doesn’t matter.

For sub domains

If you run your website with subdomain like, blog.example.com etc.

qfssl

$domain.com$

$app_name$

sub

Uninstall SSL

qfssl

uninstall

$example.com$

$app_name$

main

For subdomain

qfssl

uninstall

$sub.example.com$

$app_name$

sub

 

Renew SSL Easily

You get SSL for 90 days, and after 60 days you can perform a manual renew of SSL using these commands.

  1. sudo service nginx-sp stop / will stop the nginx so SSL can re-deploy.
  2. letsencrypt renew / This will make attempt to renew SSL.
  3. sudo service nginx-sp start / Start nginx again.

Any questions? Ask me in the comment section.

Htaccess Changes.

If your site runs at www

You may want to redirect http, https:// to secure https://www, use the following code and add it to your .htaccess file.

RewriteCond %{HTTPS} !on [OR] RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [L,R=301]

This will redirect http:// and https:// to https://www version.

If your site runs at non-www

You might want to redirect http, www, https://www to secure https://, use the following code and add it to your .htaccess file.

 

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.quickfever\.com [NC]
RewriteRule ^(.*)$ https://quickfever.com/$1 [L,R=301]
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteEngine on

RewriteCond %{HTTP_HOST} ^www\.example\.com$

RewriteRule ^(.*)$ “https\:\/\/example\.com\/$1” [R=301,L]

RewriteCond %{ENV:HTTPS} !on

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{QUERY_STRING} ^m=1$

RewriteRule ^(.*)$ /$1? [R=301,L]

This will redirect everything into https:// version.

Ensuring you’ve got SSL

Also this crt.sh site keeps tracks at your issued SSL.

Further Note: I used devendrameena.com as a demo in the process, as it’s more of a personal site, I’ll move it back to blogger server.

What more: If this article helped you, consider signup using this link to DigitalOcean to get $10 bonus for your droplet, (that’s about 2 months of free hosting).

If you’re using Yoast SEO plugin and enabled Sitemap.

Visit the sitemap page in Yoast SEO settings and disable, save it, then enable it again to force sitemap to change HTTP to HTTPS.

Total
0
Shares
Total
0
Shares
5 comments
      1. It will be auto renewed, but you can renew manually by giving “letsencrypt renew” command if SSL is expiring in next 30 days or less.

          1. The script will add the corn job. you don’t have to manually renew.

            Or you can run “letsencrypt renew” anytime.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like