How to Install a Free Let’s Encrypt SSL Certificate on OpenLiteSpeed

Let’s Encrypt is a widely trusted, free Certificate Authority (CA) whose SSL/TLS certificates are automatically recognized by all major browsers, including Chrome, Firefox, Safari, and Edge. In this guide, we’ll walk through how to install and configure a free Let’s Encrypt certificate for an OpenLiteSpeed web server running on Ubuntu 24.04.

Step 1: Install Certbot

Certbot is the official client for obtaining and managing Let’s Encrypt certificates. Start by updating your package list and installing Certbot:

sudo apt-get update
sudo apt-get install certbot

Step 2: Request Your SSL Certificate

To request a certificate that covers both your domain and its www subdomain, run the following command. Be sure to replace YOUR_DOMAIN with your actual domain name and adjust the webroot path to match your site’s document root:

sudo certbot certonly --webroot -w /usr/local/lsws/wordpress/html -d YOUR_DOMAIN -d www.YOUR_DOMAIN

💡 Tip: The -w flag specifies the webroot directory used for domain validation. Make sure this path matches the actual root directory of your website served by OpenLiteSpeed.

Upon successful completion, Certbot will save your certificate files to:

• Certificate: /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
• Private Key: /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem

Step 3: Configure OpenLiteSpeed to Use the Certificate

If you’re using a single certificate for your site, you can configure it directly at the Listener level in the OpenLiteSpeed WebAdmin Console.

1. Log in to the admin panel at http://yourdomain:7080.
2. Navigate to OpenLiteSpeed → Dashboard → Listeners → SSL.
3. Under SSL Private Key & Certificate, enter the following:
   • Private Key File: /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
   • Certificate File: /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
   • Chained Certificate: Set to Yes
4. Next, go to OpenLiteSpeed → Dashboard → Listeners → General.
5. Ensure the following settings are configured:
   • Port: 443
   • Secure: Yes
6. Click Save, then perform a Graceful Restart of the server:

/usr/local/lsws/bin/lswsctrl restart

Your site is now accessible via HTTPS at https://YOUR_DOMAIN.

Automatic Renewal: Nothing Extra to Do!

One common concern with Let’s Encrypt certificates is their 90-day validity period. However, there’s good news: Certbot automatically sets up a renewal task during installation.

After issuing your certificate, you’ll see output similar to this:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
This certificate expires on 2026-06-05.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

This means Certbot has already configured a systemd timer or cron job (depending on your system) to renew your certificate before it expires. No additional scripting or manual intervention is required.

Optional: Test the Renewal Process

To verify that automatic renewal is working correctly, you can perform a dry run:

sudo certbot renew --dry-run

If everything is configured properly, you’ll see a success message indicating that renewal would proceed without issues.

Conclusion

With just a few commands and some simple configuration in the OpenLiteSpeed admin panel, you can secure your website with a free, trusted, and automatically renewing SSL certificate from Let’s Encrypt. This setup not only enhances security but also improves user trust and search engine rankings—all at zero cost.

Enjoy your secure, HTTPS-enabled website! 🔒🌐