Install:Quick Install SSL

From OpenLiteSpeed Wiki

Let's Encrypt

Why choose Let's Encrypt?
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG)

Before Installing SSL

  1. Please install OpenLiteSpeed. You might want to follow one of these tutorials: 1Click or Repo install
  2. Please register a domain to your public IP, e.g. godaddy or some other free domain register, e.g. freenom.


We are going to install Let's Encrypt with OLS on an AWS Linux server. Both OLS and Amazon Linux are not listed on the CertBot list but we are still able to install them using the following method.

Install Certbot


chmod a+x certbot-auto

./certbot-auto certonly --no-bootstrap

Save debug log to /var/log/letsencrypt/letsencrypt.log

Answer the following questions to complete the installation process

How would you like to authenticate with the ACME CA?

  1. Spin up a temporary webserver (standalone)
  2. Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):

Please read the Terms of Service at You must agree in order to register with the ACME server at


Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot?

Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):

Input the webroot for YOUR_DOMAIN: (Enter 'c' to cancel):

Waiting for verification... Cleaning up challenges

IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved at:

  • /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
  Your key file has been saved at:
  • /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem

Your cert will expire on DATE. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again.
To non-interactively renew *all* of your certificates, run '"certbot-auto renew"'

Configure OpenLiteSpeed for SSL

Navigate to OpenLiteSpeed -> Web Console -> Listeners -> SSL -> SSL Private Key & Certificate

  • Private Key File: /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
  • Certificate File: /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem

Click SAVE then do a Graceful restart

Verify SSL

View Certificate

Open your site with https protocol. Click Secure to view site information

View Issuer

Click Valid, then you will see certificate information which should include Issued by Let's Encrypt

View Cert valid date

openssl x509 -noout -dates -in /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem

  • notBefore=Jan 11 20:05:22 2018 GMT
  • notAfter=Apr 11 20:05:22 2018 GMT