If you have installed WordPress with ServerPilot, and you want to install Comodo Positive SSL on ServerPilot, here is a step-by-step guide to help you. This tutorial is for a root domain user, and you might be unable to do the same if you have a subdomain.
An SSL is not mandatory if you have a general website or personal blog. However, a few months back, Google acknowledged using SSL or HTTPS as a ranking factor. Hence, if you want to get a little more exposure in the eyes of the giant search engine, installing SSL can help you.
Google Chrome has started showing a “Not Secure” tag in the address bar if a website doesn’t have SSL or HTTPS, and so, if you don’t install SSL, it may damage the user experience.
ServerPilot is a helping hand if you use an unmanaged VPS. You will be able to install WordPress very easily. This online tool allows users to install SSL. However, that is a free and shared SSL. If you do not want to use a shared SSL certificate for your website and want to install Positive SSL on ServerPilot, this is the guide you need.
How to Install SSL on ServerPilot
To install SSL on your domain, you need a few things:
- Cyberduck
- Putty (you can download it from the official website)
- SSL certificate from a reliable source
- CSR
- Private key
- Server IP address
- Root password
First, you need to obtain the Positive SSL certificate for your domain. For that, head over to the website where you purchased the SSL and issue a certificate for your domain. During that process, you need to generate a CSR. You can visit this website to make a CSR for your domain.
During the CSR generation, you should enter www.your-domain.com if your site URL is http://www.your-domain.com. If your site URL is http://your-domain.com, you have to enter YOUR-DOMAIN.COM. They provide SSL only for one version of your site URL (with or without WWW).
You will get two things, i.e., a CSR and a Private Key. You must make a copy of both, and make sure they are saved as separate files. The CSR should have starting and ending tags like this-
-----BEGIN CERTIFICATE REQUEST-----
Some random unique characters
-----END CERTIFICATE REQUEST-----
The Private key should have tags like this-
-----BEGIN PRIVATE KEY-----
Some random unique characters
-----END PRIVATE KEY-----
Save the CSR with .csr extension and save the Private key with .key extension.
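The key and CSR can also be created on the server itself with openssl, so the private key never passes through a third-party website. This is an added example, not part of the original guide; the function name make_csr and the output file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: generate the private key and CSR locally with openssl.
# make_csr is a hypothetical helper; private.key matches the file name
# used later in this guide.

make_csr() {
    host=$1      # exactly the name the certificate is for, e.g. www.your-domain.com
    outdir=$2    # directory that will hold private.key and the .csr file
    key="$outdir/private.key"
    csr="$outdir/$host.csr"

    # A new key invalidates any certificate already issued for the old
    # one, so never overwrite an existing key silently.
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi

    # umask 077 inside a subshell: the key is owner-only (0600) from the
    # moment it is created, and the caller's umask is left untouched.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -subj "/CN=$host" 2>/dev/null ) || return 1

    # Print the subject so it can be compared with the site URL
    # (with or without www) before the CSR is submitted.
    openssl req -in "$csr" -noout -subject
}
```

Run it as `make_csr www.your-domain.com /root` and paste the contents of the .csr file into the issuer's order form; private.key stays on the server.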
After the domain verification, most of the SSL certificate issuers send the certificate files via email. You should get a zip file that contains these files-
- www_domain-name_com.crt
- COMODORSADomainValidationSecureServerCA.crt
- COMODORSAAddTrustCA.crt
- AddTrustExternalCARoot.crt
After having them all, open Putty and log into your server. You can find a window like this-
Enter the IP address, use 22 as the port, and press Enter. Then log in with “root” as the username and your root password. After that, enter these commands-
cd /etc/nginx-sp
mkdir certs
cd certs
mkdir your-domain.com
cd your-domain.com
In this folder, upload the following files-
- CSR
- Private Key
- www_domain-name_com.crt
- COMODORSADomainValidationSecureServerCA.crt
- COMODORSAAddTrustCA.crt
- AddTrustExternalCARoot.crt
You can use Cyberduck to upload all the files.
Following that, enter this command in Putty-
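# ">" instead of ">>" so that running the command again does not append a second copy of every certificate
cat www_domain-name_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > chain.crt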
In some cases, the SSL provider can send only two files:
- www_domain-name_com.ca-bundle
- www_domain-name_com.crt
The .ca-bundle is nothing but a consolidated file of the other three files mentioned above. If you received these two files instead of four certificate files, upload both of them to the your-domain.com folder.
Following that, you can enter this command in Putty-
# ">" instead of ">>" so that running the command again does not append a second copy of every certificate
cat www_domain-name_com.crt www_domain-name_com.ca-bundle > chain.crt
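Before moving on to the Nginx configuration, it is worth checking what the cat step produced. The following is an added example, not part of the original guide: it checks chain.crt and private.key (the guide's file names) for the usual concatenation mistakes, for a key that does not match the site certificate, and for loose key permissions. The function name check_tls_files is an assumption.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on the certificate directory before
# "nginx-sp -t". chain.crt and private.key are the guide's file names;
# check_tls_files is a hypothetical helper.

check_tls_files() {
    chain="$1/chain.crt"
    key="$1/private.key"
    fail=0

    # chain.crt is sent to every client, so the key must never be in it.
    if grep -q 'PRIVATE KEY' "$chain"; then
        echo "FAIL: chain.crt contains a private key"; fail=1
    fi

    # cat of a file without a trailing newline fuses two PEM markers.
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN' "$chain"; then
        echo "FAIL: END and BEGIN markers share a line"; fail=1
    fi

    # Appending to an existing chain.crt stores every certificate twice.
    dups=$(awk '/-----BEGIN CERTIFICATE-----/ { pem = "" }
                { pem = pem $0 }
                /-----END CERTIFICATE-----/ { if (seen[pem]++) n++ }
                END { print n + 0 }' "$chain")
    if [ "$dups" -gt 0 ]; then
        echo "FAIL: $dups duplicate certificate(s) in chain.crt"; fail=1
    fi

    # The first certificate in chain.crt must be the site certificate,
    # i.e. it must carry the public half of private.key.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate does not match private.key"; fail=1
    fi

    # Only the owner (root) should be able to read the key.
    case $(ls -l "$key") in
        -rw-------*|-r--------*) ;;
        *) echo "FAIL: private.key is readable by group or others"; fail=1 ;;
    esac

    [ "$fail" -eq 0 ] && echo "OK: chain.crt and private.key are consistent"
    return "$fail"
}
```

Run it as `check_tls_files /etc/nginx-sp/certs/your-domain.com`; if the permissions check fails, `chmod 600 private.key` fixes it.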
After that, enter this command-
cd /etc/nginx-sp/vhosts.d/app-name.d
Do not forget to replace app-name in app-name.d with your own app name. In the app-name.d directory, create a file and name it ssl.conf. Open this file with Notepad or any other text editor and enter these lines of code-
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx-sp/certs/your-domain.com/chain.crt;
ssl_certificate_key /etc/nginx-sp/certs/your-domain.com/private.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!DSS;
ssl_stapling on;
ssl_stapling_verify on;
# Stapling verification needs the issuing CA certificates, which are in chain.crt, not the site certificate alone.
ssl_trusted_certificate /etc/nginx-sp/certs/your-domain.com/chain.crt;
set $ssl_status off;
if ($scheme = "https") {
    set $ssl_status on;
}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl_status;
Do not forget to replace the given file names with your own file names.
After that, create another file in the same directory and name it off.nonssl_conf. Open this file with any text editor and add this:
if ($scheme != "https") {
    return 301 https://$server_name$request_uri;
}
Now enter this command in Putty-
nginx-sp -t
It should show a success message like this-
If it shows a success message, you need to restart Nginx. For that, enter this command-
service nginx-sp restart
Now, you should check whether your SSL has been installed successfully or not. There is an online tool called SSL Checker. You can visit the website and enter your domain name. You should get a message like this-
Now, you need to make all the redirections. For instance, you need to redirect from http to https. If you have already added the website in Google or Bing Webmaster Tools or Search Engine Console before installing the SSL, you need to verify your website there too. On the other hand, you need to make all the changes in various social networking platforms like Facebook, Twitter, etc.
Get HTTPS with WWW
You need to enter this in the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^your-domain.com [NC]
RewriteRule ^(.*)$ http://www.your-domain.com/$1 [L,R=301,NC]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.your-domain.com/$1 [R,L]
Get HTTPS without WWW
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.your-domain.com [NC]
RewriteRule ^(.*)$ http://your-domain.com/$1 [L,R=301]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://your-domain.com/$1 [R,L]
In case nothing is working, you can install this WordPress plugin called Really Simple SSL on your WordPress site.
Now, you can keep using your website with HTTPS.
I hope this guide will be helpful to you.