How to install an SSL certificate on a VPS


24.01.2025 - Cloud / Virtual private servers

Objective

Securing your website is essential to protect your users' sensitive data and improve their trust. With an SSL certificate (Secure Sockets Layer), you can encrypt the exchanges between your visitors and your website, while strengthening its credibility. This guide documents the use of Let's Encrypt, a free and automated service.

Find out how to install an SSL certificate on an OVHcloud VPS.

OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.

We offer this tutorial to help you with common tasks. Nevertheless, we recommend contacting a specialist provider and/or the service's publisher if you encounter any difficulties. We will not be able to assist you. More information in the Go further section of this tutorial.

Requirements

  • A Virtual Private Server in your OVHcloud account
  • Administrative access (sudo) via SSH to your server
  • A functional website accessible in HTTP

Instructions

Step 1 - Log in to your OVHcloud VPS

  1. Download an SSH client like PuTTY or use your operating system's built-in terminal.
  2. Log in to your OVHcloud VPS with the login information provided:
ssh root@<vps_ip>

Replace <vps_ip> with the IP address of your OVHcloud VPS.

Step 2 - Install Certbot

Certbot is a tool to automatically manage Let's Encrypt certificates. Follow the steps below to install Certbot according to your Linux distribution.

Ubuntu/Debian:

sudo apt update
sudo apt install certbot

CentOS:

sudo yum install epel-release
sudo yum install certbot

Fedora:

sudo dnf install certbot

Verify that Certbot is properly installed by running the following command:

certbot --version

This should show the version of Certbot installed.

Step 3 - Get an SSL certificate with Let's Encrypt

If you have set up your web server (Nginx or Apache), we recommend using Certbot plugins to automate SSL configuration and enable HTTPS redirections. These plugins simplify the installation by directly managing the configuration files of the web server.

Depending on your web server, use the corresponding command lines:

Install the Certbot Nginx plugin:

sudo apt install python3-certbot-nginx -y

Generate the SSL certificate:

sudo certbot --nginx -d your_domain

Install the Apache Certbot plugin:

sudo apt install python3-certbot-apache -y

Generate the SSL certificate:

sudo certbot --apache -d your_domain

Certbot will automatically configure the SSL certificate and HTTPS redirection. Check that your website is accessible in HTTPS.

Standalone usage

If you prefer to configure your server manually, use Certbot in standalone mode. This mode uses a temporary server built into Certbot to validate your domain name and generate an SSL certificate.

Use the following command to request a certificate:

sudo certbot certonly --standalone -d your_domain

Replace your_domain with your domain name.

This method temporarily stops any service using port 80 (for example, another web server).

Once the certificate has been generated, the files are available in /etc/letsencrypt/live/your_domain/:

  • fullchain.pem: the full certificate.
  • privkey.pem: the private key.

Step 4 - Configure your web server

If you used the automatic solution (with Certbot plugins) in Step 3 and your website is accessible in HTTPS, go directly to Step 5 of this guide.

Example for Nginx

1. Open your website's configuration file (for example, /etc/nginx/sites-available/your_domain.conf).

2. Add the following lines to activate SSL:

server {
    listen 443 ssl;
    server_name your_domain;

    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;

    # Additional security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Serve the requested file or directory; return 404 if nothing matches
    location / {
        try_files $uri $uri/ =404;
    }
}

3. Add an automatic HTTP to HTTPS redirection:

server {
    listen 80;
    server_name your_domain;
    return 301 https://$host$request_uri;
}

4. Test the configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Check that your website is accessible in HTTPS.

Example for Apache

1. Enable the SSL and headers modules:

sudo a2enmod ssl
sudo a2enmod headers

2. Modify your website's configuration (e.g. /etc/apache2/sites-available/your_domain.conf) to include:

<VirtualHost *:80>
    ServerName your_domain
    DocumentRoot /var/www/your_domain

    Redirect permanent / https://your_domain/

    <Directory /var/www/your_domain>
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
    CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName your_domain
    DocumentRoot /var/www/your_domain

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem

    # Additional security settings
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    <Directory /var/www/your_domain>
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
    CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
</VirtualHost>

3. Test and restart Apache:

sudo apachectl configtest
sudo systemctl restart apache2

Check that your website is accessible in HTTPS.

Step 5 - Enable automatic renewal

Let's Encrypt certificates are valid for 90 days. Configure automatic renewal with Certbot:

Test automatic renewal:

sudo certbot renew --dry-run

Certbot automatically configures a cron task or a systemd timer to manage renewal. Check its status with:

sudo systemctl list-timers | grep certbot
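
Added example (not part of the original OVHcloud guide): a POSIX shell check to run after Step 4 or from a scheduled job. It confirms that the certificate in /etc/letsencrypt/live/your_domain/ is not close to expiry, that privkey.pem matches fullchain.pem, and that the key is not world-readable. The function names and the 21-day threshold are assumptions; the threshold sits below Certbot's default 30-day renewal window, so a warning means renewal is not working.

```bash
#!/bin/sh
# Added example: sanity checks for a Certbot certificate directory.
# Function names and the 21-day default are assumptions, not Certbot options.

# 0 if the leaf certificate in fullchain.pem is valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1/fullchain.pem" -noout \
        -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if privkey.pem is the private key of the leaf certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the private key exists and is not readable by "other" users.
# find -L follows the live/ symlink to the real file under archive/.
key_not_world_readable() {
    [ -f "$1/privkey.pem" ] &&
        [ -z "$(find -L "$1/privkey.pem" -perm -004 2>/dev/null)" ]
}

# Run all checks on directory $1; threshold in days is $2 (default 21).
check_lineage() {
    dir=$1; min_days=${2:-21}; rc=0
    cert_valid_for_days "$dir" "$min_days" ||
        { echo "WARN: $dir expires within $min_days days or is unreadable"; rc=1; }
    key_matches_cert "$dir" ||
        { echo "FAIL: $dir/privkey.pem does not match fullchain.pem"; rc=1; }
    key_not_world_readable "$dir" ||
        { echo "FAIL: $dir/privkey.pem is missing or world-readable"; rc=1; }
    return "$rc"
}

# Usage: sh check_cert.sh your_domain [min_days]
if [ "$#" -gt 0 ]; then
    check_lineage "/etc/letsencrypt/live/$1" "${2:-21}"
fi
```

Run it as root, since /etc/letsencrypt/live/ is not readable by other users; the non-zero exit status can drive an alert from cron or a monitoring agent.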

Go further

For specialized services (SEO, development, etc.), contact the OVHcloud partners.

Join our community of users.


  1. Secure Shell (SSH): a secure network protocol used to establish connections between a client and a server. It allows commands to be executed remotely in a secure manner.
