| title | excerpt | updated |
|---|---|---|
How to install an SSL certificate on a VPS |
Find out how to install an SSL certificate on an OVHcloud VPS |
2025-01-24 |
Securing your website is essential to protect your users' sensitive data and improve their trust. With an SSL certificate (Secure Sockets Layer), you can encrypt the exchanges between your visitors and your website, while strengthening its credibility. This guide documents the use of Let's Encrypt, a free and automated service.
Find out how to install an SSL certificate on an OVHcloud VPS.
Warning
OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.
We offer this tutorial to help you with common tasks. Nevertheless, we recommend contacting a specialist provider and/or the service's publisher if you encounter any difficulties. We will not be able to assist you. More information in the Go further section of this tutorial.
- A Virtual Private Server in your OVHcloud account
- Administrative access (sudo) via SSH to your server
- A functional website accessible in
HTTP
- Step 1 - Log in to your OVHcloud VPS
- Step 2 - Install Certbot
- Step 3 - Get an SSL certificate with Let's Encrypt
- Step 4 - Configure your web server
- Step 5 - Enable automatic renewal
- Download an SSH client like PuTTY or use your operating system's built-in terminal.
- Log in to your OVHcloud VPS with the login information provided:
ssh root@<vps_ip>Replace <vps_ip> with the IP address of your OVHcloud VPS.
Certbot is a tool to automatically manage Let's Encrypt certificates. Follow the steps below to install Certbot according to your Linux distribution.
[!tabs] Ubuntu/Debian
sudo apt update sudo apt install certbotCentOS
sudo yum install epel-release sudo yum install certbotFedora
sudo dnf install certbot
Verify that Certbot is properly installed by running the following command:
certbot --versionThis should show the version of Certbot installed.
[!primary]
If you have set up your web server (Nginx or Apache), we recommend using Certbot plugins to automate SSL configuration and enable
HTTPSredirections. These plugins simplify the installation by directly managing the configuration files of the web server.
Depending on your web server, use the corresponding command lines:
[!tabs] Nginx
Install the Certbot Nginx plugin:
sudo apt install python3-certbot-nginx -yGenerate the SSL certificate:
sudo certbot --nginx -d your_domainApache
Install the Apache Certbot plugin:
sudo apt install python3-certbot-apache -yGenerate the SSL certificate:
sudo certbot --apache -d your_domain
Certbot will automatically configure the SSL certificate and HTTPS redirection. Check that your website is accessible in HTTPS.
If you prefer to configure your server manually, use Certbot in standalone mode. This mode uses a temporary server built into Certbot to validate your domain name and generate an SSL certificate.
Use the following command to request a certificate:
sudo certbot certonly --standalone -d your_domainReplace your_domain with your domain name.
Warning
This method temporarily stops any service using port 80 (for example, another web server).
Once the certificate has been generated, the files are available in /etc/letsencrypt/live/your_domain/:
fullchain.pem: the full certificate.privkey.pem: the private key.
[!primary] If you have used the automatic solution (with Certbot plugins) before (Step 3) and your website is accessible in
HTTPS, go directly to the Step 5 of this guide.
1. Open your website's configuration file (for example, /etc/nginx/sites-available/your_domain.conf).
2. Add the following lines to activate SSL:
server {
listen 443 ssl;
server_name your_domain;
ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
# Paramètres de sécurité supplémentaires
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Redirection HTTP vers HTTPS
location / {
try_files $uri $uri/ =404;
}
}3. Add an automatic HTTP to HTTPS redirection:
server {
listen 80;
server_name your_domain;
return 301 https://$host$request_uri;
}4. Test and restart Nginx:
sudo nginx -t
sudo systemctl reload nginxCheck that your website is accessible in HTTPS.
1. Enable SSL modules and headers:
sudo a2enmod ssl
sudo a2enmod headers2. Modify your website's configuration (e.g. /etc/apache2/sites-available/your_domain.conf) to include:
<VirtualHost *:80>
ServerName your_domain
DocumentRoot /var/www/your_domain
Redirect permanent / https://your_domain/
<Directory /var/www/your_domain>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName your_domain
DocumentRoot /var/www/your_domain
# Activer SSL
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
# Paramètres de sécurité supplémentaires
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
<Directory /var/www/your_domain>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
</VirtualHost>3. Test and restart Apache:
sudo apachectl configtest
sudo systemctl restart apache2Check that your website is accessible in HTTPS.
Let's Encrypt certificates are valid for 90 days. Configure automatic renewal with Certbot:
Test automatic renewal:
sudo certbot renew --dry-runCertbot automatically configures a cron task or a systemd timer to manage renewal. Check its status with:
sudo systemctl list-timers | grep certbotFor specialized services (SEO, development, etc.), contact the OVHcloud partners.
Join our community of users.