Install Letsencrypt SSL on ServerPilot Free Plan

To install Let’s Encrypt free SSL certificate with auto-renewal on your server (managed by ServerPilot), sign into your server as root and clone my script by executing this command:

sudo git clone https://github.com/rehmatworks/serverpilot-letsencrypt.git && cd serverpilot-letsencrypt && sudo mv sple.sh /usr/local/bin/rwssl && sudo chmod +x /usr/local/bin/rwssl && (crontab -l ; echo "@monthly \"sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload\"")| crontab - && service cron reload

Now a command rwssl will become available for you. Just type rwssl and hit enter in your terminal (keeping yourself signed-in as root):

rwssl

You will be asked to provide some details and the SSL will be installed within a minute or two if all goes fine.


Didn’t get what I said? Below is a detailed guide.

The paid plan of ServerPilot is priced at $10 per month which allows you to enable Let’s Encrypt SSL with a single click. But if you don’t want to spend that $10 and still need to enable SSL on your apps, then you can use a simple bash script that I’ve written a few months ago. This bash script allows you to get a free SSL certificate for your domains from Let’s Encrypt. As the SSLs from Let’s Encrypt are valid for 3 months, so you have to renew the SSLs every 3 months. Don’t worry, you will not need to perform the renewal yourself as the script adds a CRON job that will renew your expiring SSLs every month.

How to Install the SSL:

In short, there are 3 simple steps to install Let’s Encrypt free SSL on your ServerPilot server:

  1. Sign in to your server as root via SSH
  2. Clone my repository from GitHub
  3. Execute the command to install the SSL

It’s that simple. You don’t need to create virtual host files or you don’t need to configure any CRON jobs for auto-renewal of the certs. Everything is automated and the script will install and configure the SSL for you.

Now let’s talk in a little depth about all this process.

First of all, sign into your server via SSH as root and execute this command:

sudo git clone https://github.com/rehmatworks/serverpilot-letsencrypt.git && cd serverpilot-letsencrypt && sudo mv sple.sh /usr/local/bin/rwssl && sudo chmod +x /usr/local/bin/rwssl && (crontab -l ; echo "@monthly \"sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload\"")| crontab - && service cron reload

P.S.: In addition to new installations, existing users of the script can run this command to update their script to the latest available release.

If you get an error saying that ‘git’ command isn’t available, then you will have to install it by typing ‘apt-get install git’.

Once you will execute the command I mentioned above, the bash script will be copied to your server and will be made executable via a command rwssl. Moreover, the auto-renewal CRON job will be added as well. Now you can start installing SSL certs for your sites by executing the script like this:

rwssl

You just need to type rwssl and press enter. You will be asked to provide the necessary information and the SSL will be installed within a minute or two if all goes well.

Note: For the latest version of the script, you don’t need to execute these separate commands with arguments. Simply run the script as rwssl and it will ask you for the required info. This information is here as a reference for the users of the old script who haven’t updated their script yet.

For Main Domains (For old script):

rwssl install example.com app_name main

For Sub Domains (For old script):

rwssl install sub.example.com app_name sub

P.S.: You will have to replace the red highlighted values (domain name and app name) with real values.

Update:

I’ve updated the script recently and now you don’t need to enter the arguments on the command line. You can clone the latest version of the script to your server and then simply execute rwssl command without any arguments. You will be prompted to provide the required information and the SSL will be installed on your server within a minute.

That’s it. SSL will be installed if all goes well. In case you get any errors during all this process, ensure that you are logged in as the root user or a sudoer as well as your domain is already pointing to your server. If your domain’s DNS isn’t pointed to your server, then Let’s Encrypt will unable to verify your ownership of the domain and it will not issue the cert.

The script for this ServerPilot SSL automation is hosted at GitHub here. Don’t forget to give it a star if this helps you :). Do you have any questions? Ask below in comments.

Rehmat

A web developer, server administrator and a blogger from Gilgit-Baltistan, Pakistan.

73 Comments

You can post comments in this post.


  • Thanks Rehmat, this is the easiest SSL script for serverpilot ever!

    Matt 2 months ago Reply


    • Glad to know that you found it easy and helpful 🙂

      Rehmat 2 months ago Reply


  • Great Article…. is renewing the certificate as easy? Do you just run the install script again?

    Andrew 2 months ago Reply


    • Hi, Andrew,
      The auto-renewal is automated. You don’t need to do anything. Just install the SSL and all SSLs will be renewed automatically. The script adds a CRON job for this renewal.

      Rehmat 1 month ago Reply


      • Brilliant. Thanks again for the great article and script.

        Andrew 1 month ago Reply


  • i tried this and got message SSL should have been installed for techrobust.com with auto-renewal (via cron)
    but still the url with https:// is not working
    i pointed a record for the server the website with http working fine
    where i am wrong?

    karthikeyan 1 month ago Reply


  • /usr/local/bin/rwssl: line 144: /etc/nginx-sp/vhosts.d/websiteserver-ssl.conf: Permission denied

    karthikeyan 1 month ago Reply


    • Seems like you aren’t running the script as root or with sudo privileges. If you have the root privileges, then rerun the script and it should install the SSL on your site. Please ensure that your domain is pointing to your server directly and you aren’t using any CDN like Cloudflare etc.

      Rehmat 1 month ago Reply


  • Hi,
    I try to do this several time but when I receive the message: Checks passed, press enter to continue.. I press enter and not work anymore… Do you know why?
    Thanks for all

    Francisco Centeno 1 month ago Reply


    • Hi,
      Have you tried rebooting your server?

      Rehmat 1 month ago Reply


  • Hi,
    when I run the install command to setup SSL for a domain all I get is
    “Stopping nginx-sp: nginx-sp.
    Checks passed, press enter to continue”

    and then nothing happens, I have to restart nginx manually and there is no active SSL

    Any ideas what I’m doing wrong?

    Kris 1 month ago Reply


    • Hi,
      Please try rebooting your server and run the script. If errors persist, post the details below.

      Rehmat 1 month ago Reply


      • Hi Rehmat,
        it persists, but stucks on other step

        ***@***:~/serverpilot-letsencrypt# rwssl install ***.com *** main
        What do you want to do with Let’s Encrypt? (install/uninstall): install
        Enter your domain name (Don’t include www): ***.com
        Enter your ServerPilot app name: ***
        Is this a main domain or sub-domain? (main/sub): main
        Let’s Encrypt libs not found. Installing the libraries….
        Stopping nginx-sp: nginx-sp.
        Ready to install, press enter to continue

        *** are just for hiding domain and app

        It stucks at ready to install, nothing is happening later

        Kris 4 weeks ago Reply


        • Hi Kris,
          Please specify the Ubuntu version and other specs of your system and I’ll do a specific check as I’ve found several other users complaining about the same issue. Thanks!

          Rehmat 4 weeks ago Reply


          • Thanks, very easy to install, although I’m getting the same issue.

            Ready to install, press enter to continue

            Pressing Enter doesn’t do anything and it just hangs.

            Server is:
            Ubuntu 14.04.3
            512MB Ram
            20GB Disk

            Any ideas?

            Daniel 3 weeks ago


          • Hi Daniel, please clone the repo again as I’ve fixed the bugs on Ubuntu 14.x. The updated script should work without any issue now.

            Rehmat 2 weeks ago


          • Hi Rehmat,
            with the latest update it works 🙂

            I only have problem with one domain, it returns
            “SSL cannot be obtained at the moment. Please try again.”

            All other didn’t return any problem and SSL is working.
            Any ideas what’s wrong?

            Kris 6 days ago


          • Nevermind my previous problem,
            the error appears only if you don’t have CNAME for www 🙂
            Now it works!

            Many thanks!

            Kris 6 days ago


          • Glad to know that you made it work for you.

            Rehmat 4 days ago


  • Job for nginx-sp.service failed because the control process exited with error code. See “systemctl status nginx-sp.service” and “journalctl -xe” for details.

    This error pops up as soon a domain is added, i checked the log and nothing is created under “/etc/letsencrypt/live/……..” i played with permissions and none worked. any idea ?

    Dude 1 month ago Reply


    • Hi, did you run this as root? If yes, then no need to play with the permissions. Regarding the error, I feel that there are manually created SSL vhosts. If you have attempted to install the SSL manually before and have created vhots manually, then delete them first. Moreover, delete the let’s encrypt directory (/etc/letsencrypt) as well and then use the script to install SSLs. Everything should work smoothly.

      Rehmat 1 month ago Reply


  • This is amazing man, two thumbs up!!

    ALex 1 month ago Reply


    • Glad to know that you liked it 🙂

      Rehmat 1 month ago Reply


      • When navigating to the www. version of my website, do you know why it gives me an error in the browser of ” YOUR_DOMAIN uses an unsupported protocol.
        ERR_SSL_VERSION_OR_CIPHER_MISMATCH” ? Thanks!

        Cameron 1 month ago Reply


        • Hi Cameron, did you install the SSL by choosing ‘main’ option?

          Rehmat 1 month ago Reply


          • No I did not, installing it for sub-domains only. The WWW version of the sub-domain gets that error.

            – Alex

            Cameron 1 month ago


          • Sub-domains don’t contain www or you have to manually create the records (A, CNAME) for them. Just go ahead and choose the sub-domain option to install the SSL. Don’t enter www and all should go fine.

            Rehmat 1 month ago


  • Hy bro my Site is Already Live on linode with webuzo panel i am also integrate Cloudflare on it and install SSL certificate Generated from SSLFORFREE (.) COM but now i want to migrate mu website on Serverpilot because i am facing some minor database issues on webuzo my friend tell me that webuzo have some issue like that so i migrate my website and install your SSL script it was installed successfully but when i open my site in browser it was showing an 502 or 521 error … So my questions are is are is any SSL scirpt which i used on my website with cloudflare and the 2nd one is i know you are doing greate work in linux and u have great knowledge so please tell mai webuzo panel free version have database bugs or not my webiste have lots of images so i was get 1 or 2 times error establishing database connention error but when i restart my sql datase everything was ok so please answer my questions bro thanks

    Nouman 1 month ago Reply


    • Hi Nouman, don’t use Webuzo, I don’t recommend it. Use ServerPilot and you will get a robust environment. To use the SSL script, you need to disable CloudFlare first and point your domain (DNS) directly to your server as Let’s Encrypt verifies your domain’s ownership before issuing the SSL and CloudFlare has conflicts in this procedure. Once your SSL is active, you can turn CloudFlare on. Let me know either this helps or not.

      Rehmat 1 month ago Reply


      • But Rehmat bhai the Problem is that My Website Getting Daily Traffic and 30+ Real-time users … Because the Website is new and is in ranking stage Downtime is not good for it. As you Said Disable Cloud-flare and Use Server DNS, with this Website will Down for few minutes may be for hours which is not good … Please Suggest me what i do for these issues. Can i Ping u Personal on Facebook i am friend of you on FB

        Nouman 1 month ago Reply


        • There shouldn’t be any downtime at all. Just disable the CDN in cloudflare control panel and your domain’s traffic will not pass through CloudFlare. Once SSLs are configured, enabled the CDN again. This will not result in any downtime.

          Rehmat 1 month ago Reply


          • You means that Only Disable CDN from Cloud-flare ? No Need to Replace Cloud-flare Timeservers with Server Name-servers on Domain ?

            Nouman 1 month ago


  • Sorry Name-Servers*

    Nouman 1 month ago Reply


    • Yes, just disable CloudFlare

      Rehmat 1 month ago Reply


  • I tried this on a fresh ServerPilot install as root, and everything went well until I tried to restart nginx.

    Got this error “Job for nginx-sp.service failed because the control process exited with error code. See “systemctl status nginx-sp.service” and “journalctl -xe” for details.”

    $ nginx-sp gives me “nginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/skipilots.com/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/etc/letsencrypt/live/skipilots.com/fullchain.pem’,’r’) error:2006D080:BIO routines:BIO_new_file:no such file)”

    Any idea?

    Robby Milo 1 month ago Reply


    • Hi Robby, seems like the SSL wasn’t generated successfully. Re-run the script and it should fix the issue. If not, delete all content in /etc/letsencrypt and that should fix the issue.

      Rehmat 1 month ago Reply


  • this script worked for me thanks Rehamt.

    Basit 4 weeks ago Reply


    • Glad to know that it worked for you 🙂

      Rehmat 4 weeks ago Reply


  • Thank you Rehmat, please can you tell how to use SSL for more main/sub domain on same server where i have installed SSL as per your instruction and it is working fine for one domain.

    Regards,

    Zubair Hussain 3 weeks ago Reply


    • Hi Zubair,
      You can enable SSL for your all domains by executing the same (rwssl) command. Are you asking for bulk SSL install option?

      Rehmat 3 weeks ago Reply


  • Ready to install, press enter to continue

    Hanging on the above.
    Ubuntu 14.04.5 LTS

    Daniel 3 weeks ago Reply


  • I’ve tried to give this script a shot on a fresh install but it always seem to cause issues with nginx-sp for me. Everytime I try the install on my main domain I get the same error as mentioned above

    “Job for nginx-sp.service failed because the control process exited with error code. See “systemctl status nginx-sp.service” and “journalctl -xe” for details.”

    After running nginx-sp -t I get this:

    nginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/username/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/etc/letsencrypt/live/username.com/fullchain.pem’,’r’) error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /etc/nginx-sp/nginx.conf test failed

    I’ve tried uninstalling/reinstalling and deleting the letsencrypt directory from /etc as per above but cant get it to work. nginx-sp starts backup when I uninstall the script and restart it but I can’t restart with it installed unforuantely.

    Anything else I could try?

    Dee 3 weeks ago Reply


    • Can you please clone the repo again and try the updated script? I’ve addressed some bugs and it should now work for you.

      Rehmat 2 weeks ago Reply


  • I could give you the biggest hug right now!! This was THE EASIEST script EVER!!

    erika 2 weeks ago Reply


    • Glad to know that you found it to be easy 🙂

      Rehmat 2 weeks ago Reply


  • Thank you for this script. While I can use your script to create a cert for a sub-domain, when I try to do so from my main domain, I get this error: SSL cannot be obtained at the moment. Please try again.

    Jason Pearce 2 weeks ago Reply


    • If it helps, I am migrating my site from server A to server B (both ServerPilot). Server A already had letsencrypt signing a cert with my domain. By chance do I have to inform letsencrypt that the domain and cert are moving from IP address A to a new IP address B? Could this be a reason why the script works on newly-created subdomains but not my main domain?

      Jason Pearce 2 weeks ago Reply


      • Hi Jason,
        You shouldn’t need to inform Let’s Encrypt for this change as this happens normally. Let’s Encrypt just verifies your control on the domain and if DNS has propagated fully and the domain is pointed to your new server, then a new SSL should be issued. Can you verify that the domain is fully pointed to your new server? Check for both IPv4 and IPv6 addresses and ensure that the DNS is updated. You should give this a try after some time and it should work.

        Rehmat 2 weeks ago Reply


        • Thank you (for the prompt reply and script). I likely did not give DNS enough time, for I wanted to limit the time the new server (Server B) was without https. This up to 48-hour DNS wait time is tricky when moving an online store from Server A to Server B. I’ll get it another shot this weekend when traffic is lighter. Since the subdomain worked and I was impatient, I bet you are right.

          Second question. In ServerPilot, you may assign more than one domain to an app (in my case, WordPress). By default, ServerPilot will create example.com and http://www.example.com. But I could also add server-b.example.com and/or dev.example.com to the same application. How would I use your script to have all of these domains within a single app within a LetsEncrypt certificate? By chance does your script “discover” all of the ServerPilot-created domains that belong to an app and include them in the Subject Alternative Name part of the cert?

          The reason I may want example.com, http://www.example.com, and dev.example.com all associated with the same WordPress site and ServerPilot app is that I could configure CloudFlare DNS to protect example.com and http://www.example.com, but not dev.example.com. That lets me test things with and without CloudFlare security features quite easily. I understand this may be an unusual and complex request that is beyond the scope of your script and what you’re trying to provide. Just thought I’d ask.

          Again, thanks for creating and sharing your work.

          Jason Pearce 1 week ago Reply


          • The DNS propagation time shouldn’t be 48 hours as it propagates quickly these days. One more thing, were you using CloudFlare when you attempted to obtain the SSL? If yes, then that’s the issue. Just pause CloudFlare and activate it again after the SSL is issued. If all this doesn’t work, then you can simply copy the issued SSL (cert files) from your old server to the new server manually. Regarding multiple domains for an app and Let’s Encrypt, currently, my script doesn’t discover the domains but you can execute it multiple times for each domain (providing the same app name) to obtain SSLs. I hope this helps.

            Rehmat 1 week ago


  • Hello! Installing for a subdomain tells me “SSL can not be obtained at the moment. Please try again.” I am doing something wrong? Thank you!

    Carina 1 week ago Reply


    • Hi Carina, are you using some sort of CDN like CloudFlare or the DNS is propagated? Check and confirm that your sub-domains are pointed to your server directly and then try to obtain the SSL again. It should work if there aren’t any DNS related issues.

      Rehmat 1 week ago Reply


  • Hello there!

    When I try to activate for a site, it says

    “Ready to install, press enter to continue”

    When I press enter, it stucks and nothing happens. My nginx-sp remain inactive until i manually restart it.

    İlter 1 week ago Reply


    • Hi İlter, did you use the most-recent script from GitHub? The latest update should fix all issues like you mention.

      Rehmat 1 week ago Reply


    • Same here. Cant get it to do anything.

      Craig Lovell 4 days ago Reply


      • Hi Craig,
        Can you please mention the specs of your server?

        Rehmat 4 days ago Reply


  • Hello,

    I have tried using your code but getting error after running the script “SSL cannot be obtained at the moment. Please try again.”

    I am running serverpilot WordPress App in Digitalocean Server and Logged in as root.

    Any suggestions what I might be missing?

    Thanks in Advance for the amazing script !! 🙂

    Abhishek Rijal 6 days ago Reply


    • Hi Abhishek,
      Are you using any sort of CDN like CloudFlare? This seems to be a DNS related issue.

      Rehmat 6 days ago Reply


  • Hi, Thanks for the script 🙂

    How to remove SSL and your script after it has been installed and ssl has been configured? Basically, how to revert all the changes caused by your script?

    Divij 5 days ago Reply


    • Hi Divij,
      The script just installs the official Let’s Encrypt libs if not found. Apart from that, virtual hosts are added for your domains. If you want to completely remove the script and all its changes, first of all, remove letsencrypt by executing apt remove letsencrypt after that, exeute the command rwssl, choose uninstall as option and uninstall your installed SSLs. Lastly, delete the script from /usr/local/bin/rwssl and that’s it.

      Rehmat 4 days ago Reply


      • Thanks for your prompt reply. I am using a previous version of the script. To update the script so that I have the latest version, I just need to enter the following command, right?

        sudo git clone https://github.com/rehmatworks/serverpilot-letsencrypt.git && cd serverpilot-letsencrypt && sudo mv sple.sh /usr/local/bin/rwssl && sudo chmod +x /usr/local/bin/rwssl && (crontab -l ; echo “@monthly \”sudo service nginx-sp stop && yes | letsencrypt –standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload\””)| crontab – && service cron reload

        Divij 4 days ago Reply


        • Yes, just run this command and the updated script should work perfectly on your server. There were some issues on Ubuntu 14.x with the older version of the script.

          Rehmat 4 days ago Reply


          • I am using a previous version of the script on my Ubuntu 16.04 install and it seems to be working fine. Do you suggest updating to the latest version? Will there be any changes in terms of functionality if the existing old script is working fine? You can see the exiting version of the script I am using here- http://textuploader.com/dl3ua

            Divij 4 days ago


          • On Ubuntu 16.04, the older script should be fine but I recommend you to pull the updated one as I’ve improved it considerably. In addition, the new script is simpler in terms of usage as well where you just need to type rwssl and then you will be prompted to enter the required information.

            Rehmat 4 days ago


  • Will update, Thanks again 🙂

    Divij 4 days ago Reply


  • Thanks for this amazing tip. For some reason, I ran into a problem at the end of the installation. I’m not sure if it has something to do with a Cloudflare (Full strict). Server is Ubuntu Xenial (16.04 latest).

    Error:

    “Ready to install, press enter to continue

    SSL cannot be obtained at the moment. Please try again.”

    Any tips?

    Mrks 2 days ago Reply


    • Hi,
      Yes, it’s because of CloudFlare as the domain is pointing to CloudFlare server. You will have to pause CloudFlare while obtaining the SSL and activate CloudFlare again once Let’s Encrypt issues the SSL. I hope this helps.

      Rehmat 1 day ago Reply


  • Hi Rehmat, I have the same problem, its giving me a SSL cannot be obtained at the moment. Please try again later error. I am not running cloudflare and did an nslookup and DNS is propagated correctly. Is there something else I should try? I am running a vps on digitalocean

    Alex 1 day ago Reply


    • Hi Alex, can you verify that both www and non-www versions of the domain point to the server properly?

      Rehmat 21 hours ago Reply


      • That was it Rehmat! I forgot to add the non-www version. A million thanks!

        Alex 21 hours ago Reply


        • You are welcome! Glad to know that you sorted it out 🙂

          Rehmat 10 hours ago Reply


  • Hello omg this work 100% , lo uso en mis 2 pagianas que tienen mas de 3millones de visitas mensuales ya no tengo que pagar mas por ssl gracias!!!

    abner 1 hour ago Reply


    • Glad to know that it worked for you 🙂

      Rehmat 3 hours ago Reply


Post A Reply