SSL certificate installation on DigitalOcean + ServerPilot (Apache)

First things first: finding out about DigitalOcean and ServerPilot was one of the best discoveries I have made as a web developer. I am not saying that it is not fun to spin up a blank server and install the required stack to host the websites I work on or manage, but these steps take time. The DigitalOcean and ServerPilot combination allows me to set up a solid, secure and affordable server in a few minutes. The only missing piece was to install an SSL certificate with ease without having to upgrade to a ServerPilot paid plan, which costs from $10/month.

As it turns out, it is not that difficult, although you need basic knowledge of the UNIX command line and a text editor. You can probably find many detailed tutorials for installing an SSL certificate on the DO + SP stack, but most of them are for the Nginx environment. Mine is for Apache, which I am more familiar with.

There is nothing original here. I am merely summarizing the steps from excellent references I found:

  1. How To Install an SSL Certificate from a Commercial Certificate Authority | DigitalOcean
  2. Install SSL certificate manually on serverpilot for Apache

Create a directory for your keys and certificates

To keep things tidy and make it easier to follow this tutorial, I am going to create a dedicated directory to store all the keys and certificates. So let’s create a new directory after logging into the server using SSH. We want to put everything under /etc/apache-sp/certs/appname, so let’s do that:

mkdir /etc/apache-sp/certs
mkdir /etc/apache-sp/certs/appname

* Replace appname with your application name on ServerPilot.

Generate a CSR and Private Key

Once it has been created, you want to change into the directory:

cd /etc/apache-sp/certs/appname

Then generate a certificate signing request (CSR) and private key pair:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr

You will be prompted to enter information about your certificate request. To save time, DigitalOcean already provides excellent instructions on what to enter here.

Once that’s done, copy the content of the generated CSR using this command:

cat yourdomain.com.csr

Purchase an SSL certificate

At this point, I assume you are already familiar with purchasing and requesting an SSL certificate. In case you need some guidance, DigitalOcean gives a couple of examples of how to do this using NameCheap and GoDaddy.

Installing the SSL certificate on the server

Once you have completed the process of generating the SSL certificate, you will most likely receive 2 files:

  1. The SSL certificate
  2. The CA intermediate certificate

You need to copy both of these files into the /etc/apache-sp/certs/appname directory we created earlier. If you have done everything correctly up to this point, you should have 4 files within that directory:

  1. The certificate signing request (CSR): yourdomain.com.csr
  2. The private key: yourdomain.com.key
  3. The SSL certificate: yourdomain_com.crt
  4. The CA intermediate certificate: yourdomain_com.ca-bundle
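
Before pointing Apache at these files, it is worth confirming that the key, CSR and certificate carry the same public key and that the private key has no group or other permission bits. The script below is an added example, not code from the original post or from ServerPilot; its function names are illustrative, and make_demo_files only builds constructed throwaway files for trying it out.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files in /etc/apache-sp/certs/appname.
# Function names are illustrative, not part of ServerPilot or OpenSSL.

# Print a SHA-256 digest of the public key inside a .key, .csr or certificate file.
pubkey_hash() {
    case "$1" in
        *.key) pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        *.csr) pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)     pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
    esac || return 1
    [ -n "$pub" ] || return 1          # never hash empty output from a failed read
    printf '%s\n' "$pub" | openssl sha256
}

# Succeed only if KEY, CSR and CERT all carry the same public key.
files_match() {
    k=$(pubkey_hash "$1") && r=$(pubkey_hash "$2") && c=$(pubkey_hash "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeed only if the key is a regular file with no group or other permission bits.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: a throwaway key, CSR and self-signed certificate in DIR.
make_demo_files() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=yourdomain.com" \
        -keyout "$1/yourdomain.com.key" -out "$1/yourdomain.com.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/yourdomain.com.csr" -signkey "$1/yourdomain.com.key" \
        -days 1 -out "$1/yourdomain_com.crt" 2>/dev/null
}

# Run both checks and report; returns non-zero if either fails.
preflight() {   # usage: preflight KEY CSR CERT
    rc=0
    files_match "$1" "$2" "$3" || { echo "FAIL: key, CSR and certificate differ"; rc=1; }
    key_is_private "$1"        || { echo "FAIL: $1 has group/other permission bits"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files match and key is private"
    return "$rc"
}

# Only acts when called with three paths, e.g.
#   sh preflight.sh yourdomain.com.key yourdomain.com.csr yourdomain_com.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

If the key check fails, chmod 600 on the .key file clears the group and other bits.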

Enabling SSL on your domain

We have come to the magic moment and the most critical step. You will need to edit Apache’s configuration to enable SSL. You have to create a configuration file separate from the default one(s), otherwise ServerPilot might overwrite your custom file when it updates your server.

The config files are located in the /etc/apache-sp/vhosts.d directory, so let’s change into it:

cd /etc/apache-sp/vhosts.d

Then you can view the available config files under that directory using the ls command. There are probably several .conf files there if you are hosting multiple sites on the server.

Now we want to create a new config file related to your app/site name. I am calling it appname.ssl.conf.

vi appname.ssl.conf

This opens the Vi editor, where you enter the following lines:

Listen 443

<VirtualHost *:443>
    Define DOCUMENT_ROOT /srv/users/serverpilot/apps/appname/public

    SSLEngine on

    # These paths must match the file names copied into /etc/apache-sp/certs/appname
    SSLCertificateFile /etc/apache-sp/certs/appname/yourdomain_com.crt
    SSLCertificateKeyFile /etc/apache-sp/certs/appname/yourdomain.com.key
    # Deprecated since Apache 2.4.8, where the intermediates can instead be appended to SSLCertificateFile
    SSLCertificateChainFile /etc/apache-sp/certs/appname/yourdomain_com.ca-bundle

    ServerAdmin webmaster@
    DocumentRoot ${DOCUMENT_ROOT}
    # ServerName is the ServerPilot app name; the aliases are your real domains
    ServerName appname
    ServerAlias yourdomain.com
    ServerAlias www.yourdomain.com

    RemoteIPHeader X-Real-IP
    SetEnvIf X-Forwarded-SSL on HTTPS=on
    IncludeOptional /etc/apache-sp/vhosts.d/appname.d/*.conf

    ErrorLog "/srv/users/serverpilot/log/appname/https_appname_apache.error.log"
    CustomLog "/srv/users/serverpilot/log/appname/https_appname_apache.access.log" common
</VirtualHost>

Save the file and restart your Apache server:

sudo service apache-sp restart

Done! Test it out by opening your site using the https:// prefix, e.g. https://www.yourdomain.com.

You may need to adjust your site’s settings to ensure all components are called using https:// instead of http://, but that’s a whole different process and is not going to be covered here.

2 Comments

  1. Gopi u

    Hello,
    I have recently started my WordPress blog on DigitalOcean… Now I’m searching for the best way to install GoDaddy SSL on my Ubuntu droplet… Please help me.

    1. Michael

      Not sure how I can help here. But generally, SSL certificate installation on a DigitalOcean droplet is similar to the tutorial I provided above. You only need to figure out the paths to the site if it was not installed through ServerPilot.
