Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
litespeed_wiki:config:letsencrypt-ssl [2018/09/04 18:16] Eric Leu created |
litespeed_wiki:config:letsencrypt-ssl [2022/09/30 23:50] qtwrk |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Setup SSL with Let's Encrypt ====== | ====== Setup SSL with Let's Encrypt ====== | ||
- | [[https://letsencrypt.org/ | Let's Encrypt]] is designed to provide free, automated, and open security certificate authority (CA) for everyone. It enables website owners to get security certificates within minutes. This means everyone gets a safer web experience. | + | [[https://letsencrypt.org/ | Let's Encrypt]] is a Certificate Authority (CA) that provides free, automated, and open security certificates. It enables website owners to get security certificates within minutes, and leads to a safer web experience for everyone. |
- | ===== Apply SSL via Let's Encrypt ===== | + | ===== Apply for SSL via Let's Encrypt ===== |
- | - You may want to apply for your valid domain and point to your server first. | + | **Note**: You may want to get your valid domain and server set up before applying for your certificate. |
- | - Visit https://certbot.eff.org/ and choose your system for certbot command. | + | |
- | - We use CentOS7 as example. <code> | + | - Visit [[https://certbot.eff.org/ | certbot]] (a Let's Encrypt client). Choose ''None of the above'' for **Software** and choose your OS for **System**. We will use ''CentOS/RHEL 7'' as example. |
+ | - Certbot will bring up some instructions specific to your OS. For CentOS7 we will run the following commands:<code> | ||
yum install certbot | yum install certbot | ||
certbot certonly </code> | certbot certonly </code> | ||
- | - Then start entering your email, domain and valid web root, e.g. /usr/local/lsws/DEFAULT/html/ | + | - Enter your email, domain and valid web root, e.g. ''/usr/local/lsws/DEFAULT/html/'', when prompted |
- | - Then you should see Congratulations! if cert apply success. | + | - If your application is a success, you should see "Congratulations!" |
- | - Verify cert file exist \\ <code>ll /etc/letsencrypt/YOUR_DOMAIN/</code> | + | - Verify your certificate files exist: <code>ll /etc/letsencrypt/YOUR_DOMAIN/</code> You should see the following files:<code> |
* cert.pem | * cert.pem | ||
* chain.pem | * chain.pem | ||
* fullchain.pem | * fullchain.pem | ||
- | * privkey.pem | + | * privkey.pem</code> |
===== Setup SSL on LSWS===== | ===== Setup SSL on LSWS===== | ||
- | Access LiteSpeed Web Server **Web admin -> Configuration -> Listeners -> SSL** | + | Access LiteSpeed Web Server **Web Admin -> Configuration -> Listeners -> SSL** |
==== Method 1 with fullchain==== | ==== Method 1 with fullchain==== | ||
Line 22: | Line 23: | ||
* **Private Key File**: ''/etc/letsencrypt/live/Your_Domain/privkey.pem'' | * **Private Key File**: ''/etc/letsencrypt/live/Your_Domain/privkey.pem'' | ||
- | * **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/fullchaim.pem'' | + | * **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/fullchain.pem'' |
* **Chained Certificate**: ''Yes'' | * **Chained Certificate**: ''Yes'' | ||
* **CA Certificate Path**: | * **CA Certificate Path**: | ||
Line 33: | Line 34: | ||
* **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/cert.pem'' | * **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/cert.pem'' | ||
* **Chained Certificate**: ''No'' | * **Chained Certificate**: ''No'' | ||
- | * **CA Certificate Path: | + | * **CA Certificate Path**: |
* **CA Certificate File**: ''/etc/letsencrypt/live/Your_Domain/chain.pem'' | * **CA Certificate File**: ''/etc/letsencrypt/live/Your_Domain/chain.pem'' | ||
- | + | ===== Verify SSL is Working ===== | |
- | ===== How to verify SSL===== | + | ==== Online SSL Testing Tool==== |
- | ==== Online SSL testing tool==== | + | Use [[https://www.ssllabs.com/ssltest/|ssllabs]]'s testing tool. |
- | [[https://www.ssllabs.com/ssltest/|ssllabs]] | + | |
{{:litespeed_wiki:config:ssl-1.png?700|}} | {{:litespeed_wiki:config:ssl-1.png?700|}} | ||
- | ====Simple Browser check==== | + | ====Simple Browser Check==== |
- | If cert valid, you will see Secure in green color | + | If the certificate is valid, you will see **🔒 Secure** in green. |
+ | |||
+ | {{:litespeed_wiki:config:ssl-2.png?300|}} | ||
+ | |||
+ | You can also click the padlock to view the connection status. | ||
- | {{:litespeed_wiki:config:ssl-2.png?400|}} | + | {{:litespeed_wiki:config:ssl-3.png?400|}} |