Articles

How to Install an SSL Certificate on Your Site

Having an SSL certificate on your site is one of the best ways to build trust with your visitors, especially if your site is an ecommerce store. SSL creates a private, encrypted connection from your server to your visitors' browsers and allows personal information to be relayed without eavesdropping, tampering, or forgery.

ServerPilot offers two ways to deploy SSL on your site: by using one of ServerPilot's free AutoSSL certificates or by deploying a certificate you bought from a certificate authority (CA).

Once you have deployed SSL, you can then enable redirection to HTTPS.

Method One: Using AutoSSL

ServerPilot's AutoSSL issues, deploys, and renews trusted SSL certificates to your apps automatically.

Before AutoSSL will be available for an app, you must first add the app's domains in ServerPilot.

Once you've added your app's domains, you'll have an AutoSSL option available in your app's SSL tab.

Click Enable AutoSSL, and ServerPilot will enable SSL for your app using an AutoSSL certificate.

This certificate will be automatically renewed by ServerPilot before it expires.

Method Two: Providing Your Own SSL Certificate

This method will walk you through the complete process of buying your own SSL certificate and installing it through ServerPilot.

Step One: Generate an SSL Key and CSR

Generating an SSL key and certificate signing request (CSR) is the first step in making your website securely available over HTTPS.

Using ServerPilot is the easiest way to create your key and CSR.

First, go to your app's SSL tab in ServerPilot.

You'll see that SSL is not enabled.

Now, enter your app's domain followed by your location and organization name. Click Generate Key and CSR.

SSL will now show as enabled on your app, and ServerPilot will display your app's SSL key and CSR.

If you want more control over the creation of your SSL key and CSR or don't want to use ServerPilot's generator, refer to Method Two of our in-depth article on SSL key and CSR generation.

Step Two: Purchase a Signed SSL Certificate

After generating your SSL key and CSR, you will need to buy a signed SSL certificate from a CA. A CA issues the digital certificate verifying that you are the owner of your app's public key.

One option for an inexpensive SSL certificate is the PositiveSSL certificate from Namecheap. ServerPilot does not have any affiliation with Namecheap, PositiveSSL, or Comodo. We only mention this option because it is inexpensive, and we believe they will issue certificates that work when your domain is accessed both with and without www.

When buying your certificate, select Nginx as the server type. If Nginx is not available as an option from your CA, then select either Apache or Apache+OpenSSL.

You'll receive a file labeled YOUR_DOMAIN.crt. (This file might be contained within an archive with other files.)

Open the .crt file. Its content is your SSL certificate. Copy the content of your .crt file and return to your app's SSL tab in ServerPilot.

Paste the content of your .crt file into this field, and click Update SSL Key and Certs.

Now, visit your site using HTTPS to make sure your certificate works. It should load over HTTPS and display a little lock in the address bar.

If you have a single app that needs to use SSL for multiple domains, you will need a multi-domain SSL certificate.

If you have a single app on your server that will be using multiple subdomains, you will need a wildcard SSL certificate.

Forcing HTTP to Redirect to HTTPS

If you would like to ensure your users see the HTTPS version of your site when they visit, you can force SSL by redirecting all HTTP requests to HTTPS.

Simply click Redirect HTTP to HTTPS.