These notes are based on this.

Install GIT and BC.

sudo apt-get install git bc

Get the latest version of LetsEncrypt using GIT, placing it in /opt/.

sudo git clone /opt/letsencrypt

For the next step, we’re going to need access to Port 80, so temporarily shut down your webserver.

service lsws stop

Run LetsEncrypt.

cd /opt/letsencrypt
./letsencrypt-auto certonly --standalone -d

# You can include multiple "-d" strings to certify multiple domains

The first time this runs, it’s going to ask for an e-mail address.

If everything worked correctly, you’ll find your certificate files here:


Where is your domain name.

Next, inside your OpenLiteSpeed configuration, go in to your Listener->SSL settings. Add or modify them as follows:

Private Key: /etc/letsencrypt/live/

Certificate File: /etc/letsencrypt/live/

Chained Certificate: Yes

The rest of the fields should be blank.

That’s it. Start the server.

service lsws start

Updating your certificates

Your certificate is good for 90 days, but it’s recommended you update it every 60.

Updating is exactly the same as requesting, and requires you free up Port 80!

cd /opt/letsencrypt
./letsencrypt-auto certonly --standalone -d

That will overwrite the certificate. The new certificate will be good for another 90 days.

I haven’t automated this myself yet, but there are suggestions how to do this in the article linked at the top.