Question

Install SSL certificate manually on serverpilot

Posted February 6, 2015 30k views

Hi, do guys know if is possible to install a SSL certificate on serverpilot but no by the panel? I mean, i have the free plan so that option is not available. Can i do it by my self?

7 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
15 answers

Answering here in case others are searching for a solution:

ServerPilot uses Nginx as the public facing web server and proxies the requests to Apache. So, we have to add our SSL configuration to Nginx.

Steps:

Login to the server using SSH

Create a directory to hold the certificate and key files.

cd /home
mkdir -p certs/domain_name

Copy the certificate (.crt) and private (.key) files to this directory. Replace domain_name with your domain name.

Add custom SSL configuration here:

cd /etc/nginx-sp/vhosts.d
nano APP_NAME.ssl.conf

Replace APPNAME with your actual app name (website). Put this inside the file APPNAME.ssl.conf:

###############################################################################
# Install SSL Certificate
###############################################################################

server {
    listen       443 ssl;
    listen       [::]:443 ssl;
    server_name
        www.DOMAIN.com
        DOMAIN.com
      ;

    ssl_certificate /home/certs/domain_name/certificate_file.crt;
    ssl_certificate_key /home/certs/domain_name/privatekey_file.key;

    root   /srv/users/serverpilot/apps/APP_NAME/public;

    access_log  /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.access.log  main;
    error_log  /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.error.log;

    proxy_set_header    Host              $host;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

    include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.nonssl_conf;
    include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.conf;
}

As usual, replace APPNAME, domainname, certificatefile and privatekeyfile with your own values.

Restart Nginx

service nginx-sp restart

That’s it. The SSL certificate is installed.

edited by asb
  • Hey thanks for the tip
    Have you missed “ssl on;” ?

  • @autorun Ah yes, thanks for pointing it out. I’m not sure how to update my original answer.

    ssl on;
    ssl_certificate /home/certs/domain_name/certificate_file.crt;
    ssl_certificate_key /home/certs/domain_name/privatekey_file.key;
    
  • Should logs be in a different place than the normal HTTP old ones?
    maybe, “`
    accesslog /srv/users/serverpilot/log/APPNAME/APPNAMEnginx.ssl.access.log main

    
    Everything works but I can't see any https log...
    
  • You can also enable SSL, by adding a ssl.conf file to /etc/nginx-sp/vhosts.d/{yourappname}.d

    And include just the listen and SSL parts there. Don’t wrap it in server blocks.

    Works fine and you’re less prone to ServerPilot accidentally throwing away your SSL config.

NikhilSharma thanks heaps!!

Here’s the final .ssl.conf file with the changes incorporated from the comments above.

server {
listen 443 ssl;
listen [::]:443 ssl;
server_name
www.DOMAIN.com
DOMAIN.com
;

ssl on;

ssl_certificate /home/certs/domain_name/certificate_file.crt;
ssl_certificate_key /home/certs/domain_name/privatekey_file.key;

root   /srv/users/serverpilot/apps/APP_NAME/public;

access_log  /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.access.log  main;
error_log  /srv/users/serverpilot/log/APP_NAME/APP_NAME_nginx.error.log;

proxy_set_header    Host              $host;
proxy_set_header    X-Real-IP         $remote_addr;
proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header    X-Forwarded-SSL on;
proxy_set_header    X-Forwarded-Proto $scheme;

include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/APP_NAME.d/*.conf;
}

Make sure you replace APPNAME, domainname, certificatefile and privatekeyfile with your own values.

If your paths are incorrect you will either get an error when your restart Nginx or a 403 error when you visit your website.


Restart Nginx

service nginx-sp restart
  • I use cloudflare and I can’t do the certificate work. Any idea How I can setup cloudflare or my server?

    Thank you very much!

  • Thanks that was amazing and very sweet. Up and running on SSL within 10 minutes or so.

  • I have setup SSL on the second app following your instructions as above, but when I visit the site, it’s reading the SSL certificate of the 1st app, so I visitors are getting a warning.

    Any idea where I might have gone wrong? I have checked all the pathways and they seem right. Frustrating.

    Thanks,
    Ravinder

I recently wrote a detailed tutorial for it.. The actual SSL installation and configuration on ServerPilot will take less than 10 minutes. You can check it out over here:

https://www.blogmehow.com/how-to-manually-install-ssl-on-serverpilot-free-plan-1331/

Let me know if it helps…

Awesome dude, thank you very much for taking the time to help little noobs like me, lifesaver! hahaha @NikhilSharma

Thanks a lot!
Do you also know how to manage CA certs?

e.g. with comodo I have these CA certs:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

@NikhilSharma hi again! I have a little question more, if you have time =)…

In the case is a Wildcard SSL is the same steps above but for each subdomain?

Thanks again.

Should I replace :
www.DOMAIN.com
DOMAIN.com
as well ?

Thanks

In case it helps anyone, I had to add the following at the end of the proxy section to get it to work:

proxy_set_header    X-Forwarded-SSL on;
proxy_set_header    X-Forwarded-Proto $scheme;
Previous 1 2 Next