LiteSpeed SSL Installation Guide with Easy Steps
Installing an SSL certificate on LiteSpeed helps secure your website and gives users confidence that they are communicating with a legitimate site. When you install SSL Certificate on LiteSpeed, it encrypts data between the server and browser, preventing snooping of sensitive information. Additionally, SSL activates the padlock and https protocol in the browser, signaling to users that the site is secure. Installing an SSL Certificate on LiteSpeed is an important step in ensuring the security and trustworthiness of your website.
This article provides a step-by-step guide to installing different types of SSL certificates on LiteSpeed, with a focus on the popular Single Domain SSL and Wildcard SSL certificates. We cover purchasing or generating the certificates from various certificate authorities, importing them into LiteSpeed, and properly configuring settings to activate SSL protection.
Key Takeaways on Install SSL Certificate in LiteSpeed Web Server
- SSL certificates encrypt data between server and browser to prevent snooping. This activates the padlock and https in the browser.
- You must purchase or generate an SSL certificate from a certificate authority like Let’s Encrypt, Comodo, DigiCert, etc.
- Install the certificate on your server, then import it into the LiteSpeed WebAdmin console under SSL/TLS Manager.
- Add a HTTPS binding for port 443 in WebAdmin and select the installed certificate.
- Configure redirect settings from http to https in WebAdmin to force SSL connections.
Prerequisites Before Installing an SSL Certificate
Before starting, make sure that:
- You have LiteSpeed Web Server installed and running on your server. It must be version 5.0 or higher.
- You have access to the LiteSpeed WebAdmin console. WebAdmin is available at https://yourdomain:7080 by default.
- You have administrative login credentials for WebAdmin.
- You own the domain name you want to activate SSL for. You cannot get certificates for domains you do not own.
- You have Control Panel access to manage DNS records for your domain.
- Port 443 is open on your server firewall.
- You use separate dedicated IP addresses for each domain certificate.
4 Easy Steps to Install SSL Certificate in LiteSpeed
Follow these step-by-step guide to install SSL Certificate in LiteSpeed server.
- Install the SSL Certificate
- Import the SSL Certificate
- Configure SSL Binding in WebAdmin
- Set Up HTTP to HTTPS Redirect
Step 1 – Install the SSL Certificate
Once you have the SSL certificate file from the CA, it needs to be installed on your LiteSpeed server.
You will receive a zipped package that contains a bundle of certificate files in different formats. They include:
- Your certificate (with public key): .crt file
- Private key: .key file
- Intermediate certificates: .ca-bundle file
- Certificate Authority root certificate: .crt file
The exact files may vary slightly by the CA. The key and crt files for your domain are required. The CA root establishes a chain of trust and intermediate certificates help with wider browser support.
Follow these steps to install the certificate files on LiteSpeed:
- Extract the unzipped certificate package on your local computer first.
- Locate the .key, .crt, and any .ca bundle files. The CA root may sometimes be bundled with the intermediates.
- Use SFTP/FTP to upload these files into a new folder on your LiteSpeed server. For example, you could create an /ssl folder in the home directory.
- Take note of the full file paths after uploading. This helps when importing the certificate into LiteSpeed.
- Make sure permissions are set to 600 on the .key file, and 644 on the .crt/.ca files.
- For better security, the private key should only be accessible by the root owner and LiteSpeed user.
The certificate is now installed on the server. Next we’ll import it into the WebAdmin console.
Step 2: Import the SSL Certificate
Now that the certificate is uploaded to your LiteSpeed server, the next step is importing it into the WebAdmin console. This makes it visible to LiteSpeed and allows activating it for your domain.
- Log into the LiteSpeed WebAdmin console at https://yourdomain:7080 with your username and password.
- Go to the SSL/TSL Manager in the left sidebar.
- Click Import Certificate on the top right.
- Enter a Label name for identifying this certificate. For example, “Example Domain Comodo SSL”.
- Click Browse and navigate to the Private Key .key file path on the file system and select it.
- Click Browse again and navigate to the main Certificate .crt file path and select it.
- If you have any Intermediate Certificates from a .ca bundle file, click Browse to add them too.
- Click OK to complete the import process once all certificate files are selected.
The SSL certificate will now appear in the “Certificates” tab under SSL/TLS Manager.
Now when you create SSL bindings, this imported certificate will be available to select.
Next, we’ll go through the steps to activate SSL for a domain using the imported cert.
Step 3: Configure SSL Binding in WebAdmin
To activate SSL for a domain, you need to add a new SSL binding for port 443 in WebAdmin. This binds the domain to the imported SSL certificate.
Follow these steps:
- Go to the Listener menu in WebAdmin.
- Click your HTTP listener (usually *:80 by default).
- Click Edit on the Listener.
- Scroll down to the SSL
- Click Add SSL Binding.
- In the new popup, set:
- Port: 443
- Address: 0.0.0.0 (All IP’s)
- Certificate: Select the imported SSL cert for this domain.
- Click OK to save the new SSL binding.
- A new *:443 binding should now appear under the Listener bindings.
- Scroll down and make sure Enable HTTP/2 is checked to allow HTTP/2 connections over SSL.
- Click Save at the bottom to save changes to the Listener.
This will add a new HTTPS binding and attach your SSL certificate to port 443 for the domain.
The final part is to configure redirect settings to force all http traffic to https.
Step 4: Set Up HTTP to HTTPS Redirect
To ensure all connections use SSL, you need to set up a permanent redirect from HTTP to HTTPS in LiteSpeed’s rewrite module:
- Go to the Rewrite menu in WebAdmin.
- Click Add Rewrite Rule on the top right.
- Set the Regular Expression to:
^(.*)
- Set the Substitution URL to:
https://%{SERVER_NAME}/$1- Check the Redirect
- Set status code to 301 Permanently Moved.
- Click OK to save the redirect rule.
You can now test accessing your site via HTTPS and verify the padlock icon and SSL certificate details. HTTP access should automatically redirect to HTTPS.
How to Activating SSL on Multiple Domains
If you need to secure multiple domains on your LiteSpeed server, there are a couple approaches:
Wildcard SSL Certificates
A Wildcard SSL like *.example.com covers example.com plus unlimited subdomains like mail.example.com, login.example.com, etc. Just follow the same installation steps as above and add bindings for each subdomain.
The downside is you can only secure subdomains of a base domain: not entirely different domains.
Multi-Domain (SAN) SSL Certificates
A Multi-Domain (SAN) SSL certificate allows securing multiple different domains in a single SSL certificate. For example, you could add example.com, example.net, example.org, etc.
During the CSR generation process, you can enter all the domains you need to secure. Follow the standard installation process in LiteSpeed to activate the multi-domain SSL.
The drawback is multi-domain SSL costs more than wildcard certificates for each additional domain.
Individual Domain Certificates
Another option is to purchase individual domain certificates for each different domain you need to secure. The process is the same as described in this guide, just repeat it for each unique domain.
The main downside is cost since single domain certificates are more expensive than wildcards and SAN certificates. However, it simplifies management if you have dozens of separate domains/properties.
Renewing LiteSpeed SSL Certificates
SSL certificates have an expiration date set by the Certificate Authority, usually 1-3 years from issuance. You will need to renew the certificates periodically to maintain security for your domains.
The process for renewing LiteSpeed SSL certificates is very similar to the initial setup:
- When your certificate is about to expire, purchase a renewal from the same CA. Most CAs allow streamlined renewals through your account dashboard.
- Download the renewed certificate zip package and re-install the new files on your LiteSpeed server overwriting the expired ones.
- Re-import the new certificate into LiteSpeed WebAdmin via SSL/TLS Manager.
- Click “Reload” on the old certificate bundle to load the renewed cert.
Troubleshooting LiteSpeed SSL Issues
If you are having issues getting SSL working properly on your LiteSpeed server, here are some troubleshooting tips:
- Use Qualys SSL Labs Tester to analyze your domain and inspection for any configuration issues.
- Check the loaded certificate in WebAdmin to verify it matches the domain you are accessing and is not expired.
- Confirm port 443 is open in your server firewall if you are getting connection failures.
- Try accessing the domain via IP address instead of server name to test if there are any DNS resolution problems.
- Clear your browser cache/cookies and test different browsers if you are redirect loop errors.
- Look for helpful error messages in the LiteSpeed error log if connections are failing.
- Re-import the certificate and double check path values if LiteSpeed is failing to bind the certificate to the port.
- Seek assistance from LiteSpeed’s technical support team if you are unable to resolve the problems.
Conclusion on Install SSL Certificate on LiteSpeed
Installing SSL certificates on LiteSpeed provides powerful security for your websites and applications. By encrypting traffic between the client and server, sensitive data is protected from interception and spoofing.
We walked through purchasing or generating SSL certificates from any trusted CA, installing the certificate files on your LiteSpeed server, importing the certificate into WebAdmin, configuring HTTPS bindings, and setting up http to https redirects.
Activating SSL should be one of the top priorities for any public-facing websites that handle user logins, payments, or private data. Going through the process of enabling HTTPS ensures your users have a secure, encrypted experience.
There are also SEO benefits of SSL, with Google favoring sites that utilize https and SSL. Overall, taking the time to set up SSL on your LiteSpeed servers is a worthwhile investment that pays dividends through increased security, trust, and potentially better search rankings.
Frequently Asked Questions
What types of SSL certificates can I use with LiteSpeed?
LiteSpeed supports standard SSL certificates like single domain, wildcard, and multi-domain. It also supports Organization Validated (OV) and Extended Validation (EV) certificates.
How do I generate a CSR for my SSL certificate on LiteSpeed?
In the LiteSpeed admin console, go to SSL > Manage Certificates. Click Create New Certificate Signing Request. Enter your domain name and details. Click Generate, then copy the CSR.
Where do I paste the SSL certificate on LiteSpeed after purchase?
After purchasing an SSL certificate, log into LiteSpeed and go to SSL > Manage Certificates. Paste your SSL certificate, key, and intermediates into the respective fields. Click Save Changes.
How do I set up HTTPS enforcement on my site with LiteSpeed?
In the LiteSpeed admin, go to WebAdmin Settings > General > Security. Check the box for “Enable LiteSpeed Cache for RESTful API”. This will enforce HTTPS sitewide.
