How to Create and configure SSL certificates in OpenLiteSpeed Server

At this stage, you should have successfully installed WordPress on your web server using one of the most powerful server packages. Next, we can obtain and install SSL certificates to add a security layer between your website server and your audience.

If you already used Certbot to obtain SSL certificates for your OpenLiteSpeed server, you can use the already installed Certbot client. In that case, you can skip the installation step here and go ahead to obtaining certificates for your WordPress site.

If you do not yet have the Certbot installed, use the steps here to get the client.

First, update the packages installed on the server.

sudo apt update

Then install the Certbot client with the following command.

sudo apt install certbot

Once you’ve installed the Certbot, go ahead and obtain the SSL certificates for your server with the command below. Note that before you can obtain SSL certificates, you need to have a domain name A record pointing to your OpenLiteSpeed server’s public IP address. You can find out more about how to create domain name records at its own guide.

sudo certbot certonly --webroot

You will then be prompted to answer the following questions.

  • Enter Email address: Type in your email address
  • Accept the terms of service: A
  • Share your Email Address with EFF: Type Y for yes and N for No.
  • Enter Domain name: Type your FQDN (fully qualified domain name) here
  • Input the Web root: /usr/local/lsws/Example/html/wordpress/

Once you have answered all the questions and validation process is complete, the certificate files will be saved in /etc/letsencrypt/live/<your-domain>/ directory.

Next, configure the WordPress site on your OpenLiteSpeed server to use the SSL certificate. Navigate to the Virtual Host configuration and open the SSL tab. Edit the SSL Private Key & Certificate.

***

Type the fields as follows:

Private Key File: /etc/letsencrypt/live/<your-domain>/privkey.pem
Certificate File: /etc/letsencrypt/live/<your-domain>/fullchain.pem
Chained Certificate: Yes
CA Certificate Path: /etc/letsencrypt/live/<your-domain>/fullchain.pem
CA Certificate File: /etc/letsencrypt/live/<your-domain>/fullchain.pem

***

Once completed, go to Listeners and add a new listener.

***

Fill in the fields as follows:

Listener Name: SSL
IP Address: ANY
Post: 443
Binding:
Enable REUSEPORT: Not Set
Secure: Yes

Once all set, apply the new settings by clicking the save icon on the right.

***

Next, view the SSL listener to configure the Virtual host mapping.

***

Add a row in Virtual Host Mappings.

***

Choose the virtual host and type in your domain name. Save the settings from the save button on the top right corner.

***

Once you’ve configured the SSL with your OpenLiteSpeed server, click the gracefully restart icon to apply the changes.

You should now be able to visit your website on https protocol as well.

Leave a Comment