Using LetsEncrypt with OpenLiteSpeed on Ubuntu

These notes are based on this.

Install GIT and BC.

Get the latest version of LetsEncrypt using GIT, placing it in /opt/.

For the next step, we’re going to need access to Port 80, so temporarily shut down your webserver.

Run LetsEncrypt.

The first time this runs, it’s going to ask for an e-mail address.

If everything worked correctly, you’ll find your certificate files here:

Where example.com is your domain name.

Next, inside your OpenLiteSpeed configuration, go in to your Listener->SSL settings. Add or modify them as follows:

Private Key: /etc/letsencrypt/live/example.com/privkey.pem

Certificate File: /etc/letsencrypt/live/example.com/fullchain.pem

Chained Certificate: Yes

The rest of the fields should be blank.

That’s it. Start the server.

Updating your certificates

Your certificate is good for 90 days, but it’s recommended you update it every 60.

Updating is exactly the same as requesting, and requires you free up Port 80!

That will overwrite the certificate. The new certificate will be good for another 90 days.

I haven’t automated this myself yet, but there are suggestions how to do this in the article linked at the top.