Success! SolusVM Master How To Install Letsencrypt SSL in 2019
1. Verify the hostname of the server
Firstly, our Support Engineers verify that the SolusVM server has a valid hostname. Otherwise, we can’t fetch the SSL certificate for the hostname.
We always suggest customers to set a Fully Qualified Domain Name(FQDN) for their servers. In addition to that, we confirm the hostname has a valid A record. In other words, the server hostname should resolve properly. For instance, we use the dig command to confirm the hostname has valid A records.
2.Install Letsencrypt certificate
Installing Letsencrypt certificate on a SolusVM server involves a series of steps. Our Support Engineers commonly use ACME script(Automatic Certificate Management Environment) or Certbot utility to install Letsencrypt certificate on a SolusVM master server. Let’s see both cases in detail.
a) Using ACME
Here are the steps to install and renew Letsencrypt on SolusVM server using ACME script.
i) Install ACME script
Firstly, our Support Experts download and install the ACME script on the server. This script is available in repositories like Github.
For example, on Linux servers, we use the wget or curl command to download and install the ACME script.
wget -O – https://get.acme.sh | sh
curl https://get.acme.sh | sh
This installs the script on the user account and adds an alias as well. Most importantly, we logout from the current SSH session and login again to update the shell path.
In addition to that, this script checks for folder .verification in the location /usr/local/solusvm/www. So, our Support Experts ensure that this folder is created and have proper permissions.
ii) Request SSL certificate
The next step is to issue the SSL certificate using this ACME script. This script validates the domain over an http connection. For example, we use the below command to get the SSL certificate.
acme.sh –issue -d server.hostname.com -w /usr/local/solusvm/www/.verification
Here, replace server.hostname with the hostname of the SolusVM master server.
3. Install SSL certificate
The next step is to install the Letsencrypt certificate on the SolusVM master server. Our Support Engineers install it using the below script.
acme.sh –installcert -d server.hostname.com –keypath /usr/local/svmstack/nginx/ssl/ssl.key –fullchainpath /usr/local/svmstack/nginx/ssl/ssl.crt
This will install the SSL certificate and private key to the location /usr/local/svmstack/nginx/ssl/.
Further, we restart the web server and the sshwebsocket, and then generate the ssl.pem file using the below command.
acme.sh –reloadcmd “service svmstack-nginx restart; /usr/local/svmstack/sshwebsocket/quit; /usr/local/svmstack/sshwebsocket/port_check; cd /usr/local/svmstack/nginx/ssl && cat ssl.key ssl.crt > ssl.pem”
4. Setup a cron for auto renewal
The Letsencrypt certificate needs renewal every 90 days. However, this acme.sh script setup a cron job to automatically renew any certificates on the server. Our Support Engineers verify that the below cron job is added in the server using crontab -e command.
vim crontab -e
0 0 * * * “/home/user/.acme.sh”/acme.sh –cron –home “/home/user/.acme.sh” > /dev/null