Setup Let’s Encrypt SSL on free ServerPilot plan in less than 5 minutes | Ubuntu 16.04

ServerPilot an Let's Encrypt

This fast tutorial has been apply for all of my websites and my current site You can apply it under ServerPilot or under Ubuntu 16.04 environment.

Recently I have been using ServerPilot to configure all software stuff to run my WordPress Blog, ServerPilot is fast, easy to use, and I believe they have good configuration according to WordPress Self Hosting, the combination of software are:

Nginx in front of Apache. PHP-FPM and MySQL

This setup & configuration proved to be a good combination for WordPress, however, you run into little problem with setting up free SSL for your site. In order to have SSL on ServerPilot, you need to opt-in for Coach Plan $10 / month / server. That’s seem to be too much just for the SSL and monitor services. So I decided to install Let’s Encrypt SSL manually. The job is easy, please follow this guide:

Here is the full steps:

  1. Setup ServerPilot and install WordPress
  2. Install Certbot ( to deploying Let’s Encrypt certificates )
  3. Generate Cert for domain
  4. Edit Nginx Configuration file for domain
  5. Reload Nginx & Have your site SSL running
  6. Automatic Renew SSL

Setup ServerPilot and install WordPress

ServerPilot How to install SSL FREE

Please follow the ServerPilot guide to connect to your server, you will need fresh install of Ubuntu 16.04. Then install WordPress for your domain.

I assume this steps will be easy so I will skip it. Please check ServerPilot documents if you run into any problem.

Install Certbot ( to deploying Let’s Encrypt certificates )

Certbot is easy to use way you can install Let’s Encrypt without understanding or involve much of Certificate process. You can install certbot by:

$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx

Certbot is ready to use.

Generate Cert for domain

We will use standard alone method, no need to automatic use nginx extension, first stop nginx:

 $sudo service nginx-sp stop $sudo certbot certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? ------------------------------------------------------------------------------- 1: Spin up a temporary webserver (standalone) 2: Place files in webroot directory (webroot) ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 

Select 1 for “standalone” method.

 Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): 

Enter your domain and you are done. You should see the success message:

 IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/ Your cert will expire on 2017-10-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" 

Well done! So now you only need to tell Nginx to use SSL for your domain and point to the certificate locaation at: /etc/letsencrypt/live/

Edit Nginx Configuration file for domain

Go to your domain config location:

cd /etc/nginx-sp/vhosts.d/ 

Your should see your domain config file as: yourdomain.conf

Edit the file and make some changes as following:

 server { listen 443 ssl; listen [::]:443 ssl; server_name ; ssl on; ssl_certificate /etc/letsencrypt/live/; ssl_certificate_key /etc/letsencrypt/live/; root /srv/users/serverpilot/apps/wpspeedinsight/public; access_log /srv/users/serverpilot/log/ main; error_log /srv/users/serverpilot/log/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-SSL on; proxy_set_header X-Forwarded-Proto $scheme; include /etc/nginx-sp/vhosts.d/wpspeedinsight.d/*.nonssl_conf; include /etc/nginx-sp/vhosts.d/wpspeedinsight.d/*.conf; } 

Reload Nginx & Have your site SSL running

Reload Nginx and if there is no issues, your site should be running under SSL now:

service nginx-sp restart

Automatic Renew SSL

$ sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:

$sudo certbot renew


Quite easy isn’t it. Your site should be running under SSL in less than 5 minutes, if you run into any trouble, please comment below and I will help.




Leave A Comment