The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to install SSL on ServerPilot

Download Windows Speedup Tool to fix errors and make PC run faster

If you have installed WordPress with ServerPilot, and you want to install Comodo Positive SSL on ServerPilot, here is a step-by-step guide to help you. This tutorial is for a root domain user, and you might be unable to do the same if you have a subdomain.

An SSL is not mandatory if you have a general website or personal blog. However, a few months back, Google acknowledged using SSL or HTTPS as a ranking factor. Hence, if you want to get a little more exposure in the eyes of the giant search engine, installing SSL can help you.

Google Chrome has started showing a “Not Secure” tag in the address bar if a website doesn’t have SSL or HTTPS, and so, if you don’t install SSL, it may damage the user experience.

ServerPilot is a helping hand if you use an unmanaged VPS. You will be able to install WordPress very easily. This online tool allows users to install SSL. However, that is a free and shared SSL. If you do not want to use a shared SSL certificate for your website and want to install Positive SSL on ServerPilot, this is the guide you need.

How to Install SSL on ServerPilot

To install SSL on your domain, you need a few things:

  • Cyberduck
  • Putty (You can download from official website)
  • SSL certificate from a reliable source
  • CSR
  • Private key
  • Server IP address
  • Root password

First, you need to obtain the Positive SSL certificate for your domain. For that, you can head over to the website where you purchase the SSL and issue a certificate for your domain. During that period, you need to generate CSR. You can visit this website to make a CSR for your domain.

During the CSR generation, you should enter www.your-domain.com if your site URL is http://www.your-domain.com. If your site URL is http://your-domain.com, you have to enter YOUR-DOMAIN.COM. They provide SSL only for one version of your site URL (with or without WWW).

Also, you will get two things, i.e., CSR and Private Key. You must have to make a copy of these two things. Also, make sure they are separate files. For CSR, you should get the starting and ending tags like this-

-----BEGIN CERTIFICATE REQUEST-----
Some random unique characters
-----END CERTIFICATE REQUEST-----

For Private key, you will get the tags like this-

-----BEGIN PRIVATE KEY-----
Some random unique characters
-----END PRIVATE KEY-----

Save the CSR with .csr extension and save the Private key with .key extension.

After the domain verification, most of the SSL certificate issuers send the certificate files via email. You should get a zip file that contains these files-

www_domain-name_com.crt

COMODORSADomainValidationSecureServerCA.crt

COMODORSAAddTrustCA.crt

AddTrustExternalCARoot.crt

After having them all, open Putty and log into your server. You can find a window like this-

Enter the IP address, use 22 as Port and hit the Enter button. Therefore, you need to user “root” as username and the root password. After that, enter this command-

cd /etc/nginx-sp
mkdir certs
cd certs
mkdir your-domain.com
cd your-domain.com

In this folder, upload these following files-

CSR

Private Key

www_domain-name_com.crt

COMODORSADomainValidationSecureServerCA.crt

COMODORSAAddTrustCA.crt

AddTrustExternalCARoot.crt

You can use Cyberduck to upload all the files.

Following that, enter this command in Putty-

cat www_domain-name_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> chain.crt

In some cases, the SSL provider can send only two files:

  1. www_domain-name_com.ca-bundle
  2. www.domain-name_com.crt

The .ca-bundle is nothing but a consolidated file of other three files as mentioned above. If you received these files instead of four certificate files, you need to upload these two in the your-domain.com folder.

Following that, you can enter this command in Putty-

cat www.domain-name_com.crt www_domain-name_com.ca-bundle >> chain.crt

After that, enter this command-

cd /etc/nginx-sp/vhosts.d/app-name.d

Do not forget to change the app-name.d with your app name. In the app-name.d directory, create a file and name it ssl.conf. Open up this file with Notepad or any other text editor and enter these lines of code-

listen  443 ssl;
listen [::]:443 ssl;
ssl_certificate         /etc/nginx-sp/certs/your-domain.com/chain.crt;
ssl_certificate_key     /etc/nginx-sp/certs/your-domain.com/private.key;
ssl_session_cache       shared:SSL:20m;
ssl_session_timeout     10m;
ssl_prefer_server_ciphers       on;
ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers                     EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH!aNULL:!MD5:!DSS;
ssl_stapling            on;
ssl_stapling_verify     on;
ssl_trusted_certificate /etc/nginx-sp/certs/ your-domain.com/www_domain-name_com.crt;
set $ssl_status off;
if ($scheme = "https") {
set $ssl_status on;
}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl_status;

Do not forget to replace the given file names with your own file names.

After that, create another file in the same directory and name it off.nossl_conf. Open up this file with any text editor and add this:

if ($scheme !="https"){
return 301 https://$server_name$request_uri;
}

Now enter this command in Putty-

nginx-sp -t

It should show a success message like this-

install Positive SSL on ServerPilot

If it shows a success message, you need to restart Nginx. For that, enter this command-

service nginx-sp restart

Now, you should check whether your SSL has been installed successfully or not. There is an online tool called SSL Checker. You can visit the website and enter your domain name. You should get a message like this-

install SSL on ServerPilot

Now, you need to make all the redirections. For instance, you need to redirect from http to https. If you have already added the website in Google or Bing Webmaster Tools or Search Engine Console before installing the SSL, you need to verify your website there too. On the other hand, you need to make all the changes in various social networking platforms like Facebook, Twitter, etc.

Get HTTPS with WWW

You need to enter this in the htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^your-domain.com [NC]
RewriteRule ^(.*)$ http://www.your-domain.com/$1 [L,R=301,NC]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.your-domain.com/$1 [R,L]

Get HTTPS without WWW

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www. your-domain.com [NC]
RewriteRule ^(.*)$ http:// your-domain.com/$1 [L,R=301]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://your-domain.com/$1 [R,L]

In case nothing is working, you can install this WordPress plugin called Really Simple SSL on your WordPress site.

Now, you can keep using your website with HTTPS.

I hope this guide will be helpful to you.

SudipMajhi@TWC

When he is not writing about Microsoft Windows or Office, Sudip likes to work with Photoshop. He has managed the front end and back end of many websites over the years. He is currently pursuing his Bachelor's degree.