SSL Certificates. The famous green lock icon 🔓 next to an URL. From the customers perspective this is a sign of safety & trust. It has been shown that SSL secured websites get a higher ranking in search engines. As web technologies progresses, it is important to keep upfront to stay ahead of your competitors. Today we will show you how to install this green lock by installing a free SSL certificate from Let’s Encrypt.
For this demo we use a cloud instance at DigitalOcean using a Ubuntu 16.04.1 x64 distribution with Nginx and Apache preconfigured by ServerPilot.
The free version of ServerPilot does not offer SSL Certificates, so we have to install them manually.

Installing Certbot

Login to your server with serverpilot as your username.
Go to your user directory /srv/users/serverpilot if you weren’t there already.

We now need to download the Let’s Encrypt Certificate bot:

wget https://dl.eff.org/certbot-auto

To create a SSL Certificate we need to  request a certificate:

./certbot-auto certonly

It will start installing/updating itself and eventually asks you which domains you want installed.

Let's Encrypt domain form

For example, when you are installing the domain ruub.eu, you will also input ALL the subdomains: www.ruub.eu ruub.eu

Next, it will ask you where your webroot is located. For that, input this:

/srv/users/serverpilot/apps/RUUB/public

(replace RUUB with your app name)

Great, Certbot has been installed and your first certificate has been requested.

Configuring nginx

Now we have to tell nginx to use these certificates and where they are located.
For this to do we navigate to our nginx vhosts:

cd /etc/nginx-sp/vhosts.d/

In this directory, create a file called RUUB.ssl.conf and add this content:
(to create a new file: nano RUUB.ssl.conf)

Obviously, you need to replace RUUB with your own app name, both for the contents as the filename.
To save: Ctrl + X, select Yes (Arrow Up) and Enter.

To make sure nginx uses these new configurations, we have to restart it:

sudo service nginx-sp restart

Great, we did it! 🎉
You can stop here if you want your site to be available in both http and https. If not, continue reading.

Force SSL pages

Now we obviously want our visitors to be using our secure HTTPS website. We can manually force this by using a .htaccess redirect.
To do this, go into your main website folder cd /srv/users/serverpilot/apps/RUUB/public/ and paste the following code at the start of your .htaccess file:

RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container hundred_percent="yes" overflow="visible"][fusion_builder_row][fusion_builder_column row_column_index="1_1" type="1_1" layout="1_1" background_position="left top" background_color="" border_size="" border_color="" border_style="solid" spacing="yes" background_image="" background_repeat="no-repeat" padding="" margin_top="0px" margin_bottom="0px" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="no" center_content="no" min_height="none" last="no" hover_type="none" link="" border_position="all"][fusion_text][R=302,L]

If you do not have a .htaccess file yet, go ahead and create one.

Renewing

Unfortunately, each Let’s Encrypt certificate expires in 3 months. So each 3 months you need to request a new one. Luckily you do not have to go through this whole process again, because I wrote this awesome script for you:

Create a new file in your main user directory and paste this code in there.
To make the newly created file an executable:

chmod +x certrefresh.sh

Add this file to your crontab to run each 3 months:

0 0 0 */3 * ~/certrefresh.sh

You’re done!