First blog here, I just want to create this post so later when I need to install HTTPS/SSL on my websites, I can read this again.
My VPS is on Linode and you can buy one for yourself via this link: https://www.linode.com/?r=f1875871490ed8332f82aebf1aad0004e4493f33
The specs are 5$ plan with Ubuntu 16.04 (xenial)
I installed ServerPilot on it and was trying to install SSL on my portfolio domain. It’s an IDN domain (with special symbols etc.) https://lữtàilân.vn So thing get a bit complicated when adding SSL to it. But no sweat, you got me here!
The first thing I do is go to https://certbot.eff.org/lets-encrypt/ubuntuxenial-other and type all the commands (one by one) in SSH terminal (remove the $ symbol)
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
after that, I type this command, the domain name should be in puny code format
sudo certbot certonly --webroot -w /srv/users/serverpilot/apps/APP_NAME/public -d domainname.com -d www.domainname.com
so for my domain name which I named the app_name is lutailan and my IDN domain in puny code is xn--ltiln-sqaq3562d.vn
sudo certbot certonly --webroot -w /srv/users/serverpilot/apps/lutailan/public -d xn--ltiln-sqaq3562d.vn -d www.xn--ltiln-sqaq3562d.vn
let the certbot do it magic then after Certbot downloads everything it needs you will be asked for an email address which is used for notifications about expiring certificates. Enter your address and then you should see a message that the certificates have been installed.
Configure NGINX to Use the Certificate
To be able to use the certificates, we need to create a configuration file for NGINX so that it knows where to find the certificates for the domain and how they should be used.
Move to the folder where the config files are stored (you can use winSCP or FileZilla) :
for each domain installed on the server you should see one configuration file and one folder for additional configurations both using the name of the app:
We need to create a new configuration file of the same name with .ssl appended to the end of the app name. So if the app name is ‘appname’ as the above example, we would need to create a file with notepad or sublime and name it:
The following configuration file tells NGINX where to find the certificates for the domain and enables http/2 with some strong encryption methods:
First, search and replace APP_NAME with the name of your app and domainname.com with your domain. Make sure you add all the subdomains that you generated certificates for after server_name.
Paste the code you just edited to this file appname.ssl.conf (rename it to match your app name)
go for a restart:
sudo service nginx-sp restart
after the restart, go to your wp-admin/settings/general and add https to this 2 rows
Congrats, your IDN domain is now served via https!
the thing about Let’s Encrypt – Free SSL/TLS Certificates is:
– The certificates are valid for only 90 days
So to make it last forever without much trouble to renew it after it’s expired, we will add a cron job to automatically renewing your certificates every 30 days.
1/ back to your terminal, type in
2/ copy and paste this command to the terminal
0 0 1 * * sudo certbot renew --post-hook "service nginx-sp restart"
ctrl + X to exit and press Y to save.
Now it will automatically renew your certificates every month painlessly.
That’s it, thank you for reading and leave a comment if you need any help. I will try to answer asap.
Thank Robert Went for his detail tutorial https://www.robertwent.com/blog/using-letsencrypt-serverpilot/