Hi, do guys know if is possible to install a SSL certificate on serverpilot but no by the panel? I mean, i have the free plan so that option is not available. Can i do it by my self?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Answering here in case others are searching for a solution:
ServerPilot uses Nginx as the public facing web server and proxies the requests to Apache. So, we have to add our SSL configuration to Nginx.
Steps:
Login to the server using SSH
Create a directory to hold the certificate and key files.
cd /home
mkdir -p certs/domain_name
Copy the certificate (.crt) and private (.key) files to this directory. Replace domain_name with your domain name.
Add custom SSL configuration here:
cd /etc/nginx-sp/vhosts.d
nano APP_NAME.ssl.conf
Replace APPNAME with your actual app name (website). Put this inside the file APPNAME.ssl.conf:
###############################################################################
# Install SSL Certificate
###############################################################################
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name
www.DOMAIN.com
DOMAIN.com
;
ssl_certificate /home/certs/domain_name/certificate_file.crt;
ssl_certificate_key /home/certs/domain_name/privatekey_file.key;
root /srv/users/serverpilot/apps/APP_NAME/public;
access_log /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.access.log main;
error_log /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.conf;
}
As usual, replace APPNAME, domainname, certificatefile and privatekeyfile with your own values.
Restart Nginx
service nginx-sp restart
That’s it. The SSL certificate is installed.
@autorun Ah yes, thanks for pointing it out. I’m not sure how to update my original answer.
ssl on;
ssl_certificate /home/certs/domain_name/certificate_file.crt;
ssl_certificate_key /home/certs/domain_name/privatekey_file.key;
Should logs be in a different place than the normal HTTP old ones?
maybe, “`
accesslog /srv/users/serverpilot/log/APPNAME/APPNAMEnginx.ssl.access.log main
Everything works but I can't see any https log...
You can also enable SSL, by adding a ssl.conf file to /etc/nginx-sp/vhosts.d/{yourappname}.d
And include just the listen and SSL parts there. Don’t wrap it in server blocks.
Works fine and you’re less prone to ServerPilot accidentally throwing away your SSL config.
NikhilSharma thanks heaps!!
Here’s the final .ssl.conf file with the changes incorporated from the comments above.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name
www.DOMAIN.com
DOMAIN.com
;
ssl on;
ssl_certificate /home/certs/domain_name/certificate_file.crt;
ssl_certificate_key /home/certs/domain_name/privatekey_file.key;
root /srv/users/serverpilot/apps/APP_NAME/public;
access_log /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.access.log main;
error_log /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.conf;
}
Make sure you replace APPNAME, domainname, certificatefile and privatekeyfile with your own values.
If your paths are incorrect you will either get an error when your restart Nginx or a 403 error when you visit your website.
Restart Nginx
service nginx-sp restart
I use cloudflare and I can’t do the certificate work. Any idea How I can setup cloudflare or my server?
Thank you very much!
Thanks that was amazing and very sweet. Up and running on SSL within 10 minutes or so.
I have setup SSL on the second app following your instructions as above, but when I visit the site, it’s reading the SSL certificate of the 1st app, so I visitors are getting a warning.
Any idea where I might have gone wrong? I have checked all the pathways and they seem right. Frustrating.
Thanks,
Ravinder
I recently wrote a detailed tutorial for it.. The actual SSL installation and configuration on ServerPilot will take less than 10 minutes. You can check it out over here:
https://www.blogmehow.com/how-to-manually-install-ssl-on-serverpilot-free-plan-1331/
Let me know if it helps…
THIS WAS THE ONLY THING THAT HELPED ME! FINALLY! THANK YOU THANK YOU THANK YOU!
I love serverpilot, but REFUSE to pay $120/yr per server for what should be a simple text config. SP really needs to toss this config into their FREE account. WTF?
Awesome dude, thank you very much for taking the time to help little noobs like me, lifesaver! hahaha @NikhilSharma
Thanks a lot!
Do you also know how to manage CA certs?
e.g. with comodo I have these CA certs:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
OK figured it out:
All individual crt-files above have to be combined into one (bundled) crt-file.
Then simply replace the file name above “certificate_file.crt” with your bundle.crt-file (or whatever you named the file).
Test it here to see if they all certs chained up nicely: https://www.sslshopper.com/ssl-checker.html
@NikhilSharma hi again! I have a little question more, if you have time =)…
In the case is a Wildcard SSL is the same steps above but for each subdomain?
Thanks again.
That is correct. Just make sure that the domain in the certificate itself is set to *.yourdomain.com.
Same question…
@ThatPoorKid You could find a solution? I’ve been reading blogs but i am sort of a noob on this..
Following normal commandline procedures to install SSL into Apache2, you should not have any problems. There’s plenty of online tutorials, even video tutorials, showing how to do that.
I have successfully installed ssl. but when I opened wordpress site, firefox showing “Insecure contents. ssl some unencrypted elements on this website have been blocked” wordpress is totally messed… any idea on this error?
thanks
Hi @beenaoc this not a problem from the SSL certificate, this means your WordPress is calling assets without the https url path. I had the same issue. You can manually check your site for such urls and make the changes or install some plugin that force the WordPress to do so. Sorry if my english isn’t perfect but i am willing to help.
For example: you insert one image with this path http://yoursite.com/image.jpg instead of https://yoursite.com/image.jpg. this apply for all, including js, CSS, etc.
I have select coach plan to deploy ssl. After that I downgrade to free plan and supprise SSL stil work. I can’t understand.
Yes caoquyenis, but what happens when the cert expires?