====== Setup SSL with Let's Encrypt ======
[[https://letsencrypt.org/ | Let's Encrypt]] is a Certificate Authority (CA) that provides free, automated, and open security certificates. It enables website owners to get security certificates within minutes, and leads to a safer web experience for everyone.
===== Apply for SSL via Let's Encrypt =====
**Note**: You may want to get your valid domain and server set up before applying for your certificate.

  - Visit [[https://certbot.eff.org/ | certbot]] (a Let's Encrypt client). Choose ''None of the above'' for **Software** and choose your OS for **System**. We will use ''CentOS/RHEL 7'' as example. 
  - Certbot will bring up some instructions specific to your OS. For CentOS7 we will run the following commands:<code>
yum install certbot
certbot certonly </code>
  - Enter your email, domain and valid web root, e.g. ''/usr/local/lsws/DEFAULT/html/'', when prompted
  - If your application is a success, you should see "Congratulations!"
  - Verify your certificate files exist: <code>ll /etc/letsencrypt/YOUR_DOMAIN/</code> You should see the following files:<code>
    * cert.pem
    * chain.pem
    * fullchain.pem
    * privkey.pem</code>

===== Setup SSL on LSWS=====
Access LiteSpeed Web Server **Web Admin -> Configuration -> Listeners -> SSL**

==== Method 1 with fullchain====
{{:litespeed_wiki:config:ssl-5.png?700|}}

  * **Private Key File**: ''/etc/letsencrypt/live/Your_Domain/privkey.pem''
  * **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/fullchain.pem''
  * **Chained Certificate**: ''Yes''
  * **CA Certificate Path**: 
  * **CA Certificate File**:

==== Method 2 without fullchain====
{{:litespeed_wiki:config:ssl-4.png?700|}}

  * **Private Key File**: ''/etc/letsencrypt/live/Your_Domain/privkey.pem''
  * **Certificate File**: ''/etc/letsencrypt/live/Your_Domain/cert.pem''
  * **Chained Certificate**: ''No''
  * **CA Certificate Path**: 
  * **CA Certificate File**: ''/etc/letsencrypt/live/Your_Domain/chain.pem''

===== Verify SSL is Working =====
==== Online SSL Testing Tool====
Use [[https://www.ssllabs.com/ssltest/|ssllabs]]'s testing tool.

{{:litespeed_wiki:config:ssl-1.png?700|}}

====Simple Browser Check====
If the certificate is valid, you will see **🔒 Secure** in green.

{{:litespeed_wiki:config:ssl-2.png?300|}}

You can also click the padlock to view the connection status.

{{:litespeed_wiki:config:ssl-3.png?400|}}