SSL certificate installation on DigitalOcean + ServerPilot (Apache)

SSL certificate installation on DigitalOcean + ServerPilot (Apache)

First things first, finding out about DigitalOcean and ServerPilot was one of the best discoveries I have ever had as a web developer. Not saying that it is not fun to spin up a blank server and installing the required stack to host the website I work on or manage, but these steps take time. DigitalOcean and ServerPilot combination allows me to set up a solid, secure and affordable server in a few minutes. The only missing piece was to install an SSL certificate with ease without having to upgrade to ServerPilot paid plan which costs from $10/month.

As it turns out, it is not that difficult. Although you need to have basic knowledge of running UNIX command lines and text editor. You can probably found many detailed tutorials to install SSL certificate on DO + SP stack, but most of them are for Nginx environment. Mine is for Apache, which I am more familiar with.

There is nothing original here. I am merely summarizing the steps from excellent references I found:

  1. How To Install an SSL Certificate from a Commercial Certificate Authority | DigitalOcean
  2. Install SSL certificate manually on serverpilot for Apache

Create a directory for your keys and certificates

To keep things tidy and make it easier to follow this tutorial, I am going to create a dedicated directory to store all the keys and certificates. So let’s create a new directory after logging into the server using SSH. We want to put everything under /etc/apache-sp/certs/appname  so let’s do that:

* replace appname  with your application name on ServerPilot

Generate a CSR and Private Key

Once it has been created, you want to change into the directory:

Then generate a pair of certificate signing request (CSR) and private key:

You will be prompted to enter information about your certificate request. To save time, DigitalOcean already provides excellent instructions on what to enter here.

Once that’s done, copy the content of the generated CSR using this command:

Purchase an SSL certificate

At this point, I assume you are already familiar in purchasing and requesting an SSL certificate. In case you need some guidance, DigitalOcean gives a couple of examples to do this using NameCheap and GoDaddy.

Installing the SSL certificate on the server

Once you have completed the process of generating SSL certificate, you are most likely will receive 2 files:

  1. The SSL certificate
  2. The CA intermediate certificate

You need to copy both of these files into the /etc/apache-sp/certs/appname  we created earlier. If you do everything correctly to this point, you should have 4 files within that directory:

  1. The certificate signing request (CSR): yourdomain.com.csr
  2. The private key: yourdomain.com.key
  3. The SSL certificate: yourdomain_com.crt
  4. The CA intermediate certificate: yourdomain_com.ca-bundle

Enabling SSL on your domain

We have come to the magic moment and most critical step. You will need to edit Apache’s configuration file to enable the SSL. You have to create a separate configuration file from the default one(s), otherwise ServerPilot might overwrite your custom file when it is updating your server.

The config files are located on /etc/apache-sp/vhosts.d  directory so let’s change the directory to it:

Then you can view available config files under that directory using the ls  command. There are probably several .conf  files there if you are hosting multiple sites on the server.

Now we want to create a new config file related to your app/site name. I am calling it appname.ssl.conf .

This is going to open the Vi editor where you are going to enter the edited lines:

Save the file and restart your Apache server:

Done! Test it out by opening your site using https://  prefix, eg: https://www.yourdomain.com.

You may need to adjust your site’s settings to ensure all components are called using https://  instead of http:// , but that’s a whole different process and not going to be covered here.

Leave a Reply