OpenLiteSpeed Port and SSL Configurations

This document provides instructions on generating a Let's Encrypt SSL certificate using Certbot, configuring OpenLiteSpeed to use the certificate, assigning port 8080 for SSL in OpenLiteSpeed, and restarting OpenLiteSpeed to apply changes. It also includes additional considerations and notes for each topic.

How to generate a valid certificate via Let’s Encrypt?

Using Let's Encrypt to generate an SSL certificate for your server is a great choice, as it provides free and recognized certificates. The most common tool for obtaining certificates from Let's Encrypt is Certbot. Here’s how to use it:

Step 1: Install Certbot

First, you need to install Certbot on your server. The installation method depends on your server's operating system.

On Ubuntu/Debian:

On CentOS/RHEL:

On Fedora:

On macOS (using Homebrew):

Step 2: Obtain the Certificate

Certbot can automatically configure SSL for some web servers, but for OpenLiteSpeed, you'll use it just to obtain the certificate.

Standalone Method (if no web server is currently running on port 80):

Replace yourdomain.com with your actual domain name. This method temporarily starts a web server to respond to the Let's Encrypt validation request.

Webroot Method (if your web server is running):

/path/to/your/webroot should be replaced with the actual web root directory of your website.

Step 3: Configure OpenLiteSpeed

After obtaining the certificate, you'll have to manually configure OpenLiteSpeed to use it:
  1. Locate the certificate files. Certbot usually places them in /etc/letsencrypt/live/yourdomain.com/.
  2. In the OpenLiteSpeed WebAdmin console, navigate to the listener settings where you want to apply the SSL certificate.
  3. Add the paths to the full chain (fullchain.pem) and the private key (privkey.pem) files.
  4. Save and gracefully restart OpenLiteSpeed.

Step 4: Automatic Renewal

Let's Encrypt certificates are valid for 90 days, so it's important to set up automatic renewal:
You can also add a cron job to automate this process:
This cron job will run the renewal command twice daily.
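
The issuance and renewal commands from Steps 2 and 4 as a script, with a renewal hook that gracefully restarts OpenLiteSpeed so a renewed certificate is the one actually served. This is an added example, not the original page's commands; the /usr/local/lsws install prefix and the helper names (run, valid_domain, obtain_cert, renew_certs, cron_line) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the placeholders
# yourdomain.com and /path/to/your/webroot, and OpenLiteSpeed installed under
# /usr/local/lsws. Set DRY_RUN=1 to print each command instead of running it.

LSWS_CTRL="${LSWS_CTRL:-/usr/local/lsws/bin/lswsctrl}"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only plain DNS names, so nothing else reaches the certbot command line.
valid_domain() {
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Step 2: "certonly" obtains the certificate without touching any web server
# configuration. usage: obtain_cert standalone DOMAIN
#                       obtain_cert webroot DOMAIN WEBROOT
obtain_cert() {
    mode=$1; domain=$2; webroot=${3:-}
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 2; }
    case $mode in
        standalone)   # certbot binds port 80 itself; nothing else may hold it
            run certbot certonly --standalone -d "$domain" ;;
        webroot)      # the running server must serve files from WEBROOT
            [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; return 2; }
            run certbot certonly --webroot -w "$webroot" -d "$domain" ;;
        *)  echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Step 4: renew whatever is due. The deploy hook runs only when a certificate
# was actually replaced and gracefully restarts OpenLiteSpeed so the listener
# loads the new files.
renew_certs() {
    run certbot renew --quiet --deploy-hook "$LSWS_CTRL restart"
}

# Crontab entry (root) that runs the renewal twice daily, at 00:00 and 12:00.
cron_line() {
    echo "0 0,12 * * * certbot renew --quiet --deploy-hook '$LSWS_CTRL restart'"
}
```

Run it once with DRY_RUN=1 to review the exact commands before executing them as root.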

Notes

  • The commands provided assume root or sudo privileges.
  • Make sure that ports 80 and 443 are open in your firewall to allow Let's Encrypt to validate your domain.
  • The domain name you use with Certbot must be the one that your server is accessible at from the internet.
  • After setting up the SSL certificate, consider configuring HTTP to HTTPS redirection to ensure secure browsing.

How to assign 8080 port in OpenLiteSpeed panel?

Adding a new port for SSL in OpenLiteSpeed involves configuring a listener for the desired port and setting up SSL on that listener. Here’s a step-by-step guide to help you through the process:

Step 1: Access the OpenLiteSpeed WebAdmin Console

First, you need to access the OpenLiteSpeed WebAdmin Console. This is typically available at http://your_server_IP:7080, where your_server_IP is the IP address of your server.

Step 2: Navigate to Listeners

In the WebAdmin Console, go to the Listeners section. Listeners are used by OpenLiteSpeed to handle incoming network connections.

Step 3: Create a New Listener

  1. Click the Add button to create a new listener.
  2. Enter the required information:
      • Listener Name: Give your listener a name.
      • IP Address: Choose the IP address or leave it as ANY.
      • Port: Enter the new port number you wish to use for SSL (e.g., 8080).

Step 4: Set Up SSL

  1. Once the listener is created, click on the newly created listener to edit it.
  2. Go to the SSL tab in the listener settings.
  3. Here, you will need to provide the path to your SSL certificate and private key. If you don’t have an SSL certificate, you can generate a self-signed certificate or get one from a certificate authority like Let’s Encrypt.
      • SSL Private Key File: Enter the path to your private key file.
      • SSL Certificate File: Enter the path to your certificate file.
      • You may also need to specify a Chained Certificate Path if your SSL certificate requires it.
  4. Make sure the Secure checkbox is checked to enable SSL for this listener.

Step 5: Specify Virtual Host Mappings (Optional)

If you want this listener to direct traffic to a specific virtual host, you will need to set up virtual host mappings:
  1. Go to the Virtual Host Mappings tab.
  2. Add the domain and map it to the desired virtual host.

Step 6: Restart OpenLiteSpeed

For the changes to take effect, you need to gracefully restart OpenLiteSpeed. You can do this from the console by clicking on the Restart button.

Step 7: Test the Configuration

Once you have restarted OpenLiteSpeed, test the SSL setup by accessing your website using the new port. For example, https://yourdomain.com:8080. Ensure the site loads correctly and that there are no SSL security warnings.
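
A check that can accompany the browser test: it reads the listener blocks OpenLiteSpeed saves to disk and confirms that the port you configured is an SSL listener with a key and certificate set. This is an added example, not from the original page; the config path /usr/local/lsws/conf/httpd_config.conf, the listener name SSL8080 and the function names are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: OpenLiteSpeed stores
# the listeners created in WebAdmin as plain-text blocks in
# /usr/local/lsws/conf/httpd_config.conf (default install prefix).

# Constructed sample: an SSL listener on 8080 beside a plain listener.
sample_config() {
cat <<'EOF'
listener Default {
  address                 *:8088
  secure                  0
  map                     Example *
}

listener SSL8080 {
  address                 *:8080
  secure                  1
  keyFile                 /etc/letsencrypt/live/yourdomain.com/privkey.pem
  certFile                /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  certChain               1
}
EOF
}

# One line per listener: NAME PORT SECURE KEYFILE CERTFILE ("-" when unset).
list_listeners() {
    awk '
        $1 == "listener" { name = $2; sub(/[{]$/, "", name)
                           port = sec = key = cert = "-"; next }
        name == ""       { next }
        $1 == "address"  { n = split($2, a, ":"); port = a[n] }
        $1 == "secure"   { sec = $2 }
        $1 == "keyFile"  { key = $2 }
        $1 == "certFile" { cert = $2 }
        $1 == "}"        { print name, port, sec, key, cert; name = "" }
    ' "$@"
}

# Exit 0 only if a listener on PORT has secure=1 and key and certificate paths.
# usage: check_tls_listener PORT [CONFIG_FILE]   (reads stdin without a file)
check_tls_listener() {
    port=$1; shift
    list_listeners "$@" | awk -v p="$port" '
        $2 != p { next }
        { found = 1 }
        $3 != "1" { print $1 ": port " p " is not an SSL listener"; bad = 1 }
        $4 == "-" || $5 == "-" { print $1 ": keyFile or certFile not set"; bad = 1 }
        END { if (!found) { print "no listener on port " p; bad = 1 }; exit bad + 0 }'
}
```

On a server, run `check_tls_listener 8080 /usr/local/lsws/conf/httpd_config.conf` after the graceful restart; a non-zero exit means the listener is absent or would serve plain HTTP on that port.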

Additional Considerations

  • Firewall Settings: Make sure that your server’s firewall allows incoming connections on the new SSL port.
  • Certificate Validity: Ensure that the SSL certificate is valid and recognized by browsers to avoid security warnings.
  • Port Conflicts: Avoid using a port that is already in use by another service on the server.

The exact steps may vary slightly depending on your server setup and the specifics of your OpenLiteSpeed configuration. Always refer to the official OpenLiteSpeed documentation for the most accurate and detailed guidance.

How to set SSL configuration for 8080 port?

Assigning port 8080 for SSL with a Let's Encrypt certificate on an OpenLiteSpeed server involves a few specific steps. Generally, port 8080 is used for non-SSL traffic, but it's possible to set it up for SSL if required. Follow these steps to configure your server:

Step 1: Obtain the SSL Certificate

First, you need to obtain an SSL certificate from Let's Encrypt for your domain. You can do this using Certbot or any other ACME client that supports Let's Encrypt. The steps are similar to those in the first section above, but you won't immediately configure OpenLiteSpeed to use this certificate.

Step 2: Set Up a Listener on OpenLiteSpeed for Port 8080

Configure a listener in OpenLiteSpeed to use port 8080 for SSL:
  1. Access the OpenLiteSpeed WebAdmin Console: Typically, this is available at http://your_server_IP:7080.
  2. Navigate to Listeners: Go to the Listeners section.
  3. Add or Edit a Listener for Port 8080:
      • If a listener for port 8080 already exists, edit it.
      • If not, create a new one by clicking the Add button.
      • Set the Listener Port to 8080 and the IP Address to ANY or a specific IP if needed.
  4. Configure SSL:
      • Switch to the SSL tab in your listener settings.
      • Specify the path to your Let's Encrypt certificate and private key, typically located in /etc/letsencrypt/live/yourdomain.com/.
        • SSL Private Key File: Usually path + privkey.pem.
        • SSL Certificate File: Usually path + cert.pem.
        • Chained Certificate: Usually Yes.
        • CA Certificate File: Usually path + fullchain.pem.
  5. Save and Apply Changes:
      • Save your changes and do a graceful restart of OpenLiteSpeed for the changes to take effect.

Step 3: Firewall Configuration

Ensure your firewall is configured to allow traffic on port 8080. The commands to adjust the firewall settings depend on your operating system and its configuration.

Step 4: Test the Configuration

Once everything is set up, test accessing your site using https://yourdomain.com:8080 to ensure that SSL is working correctly on port 8080.

Notes

  • Using port 8080 for SSL is unusual and may cause confusion or issues with some applications or services that expect this port to be used for non-SSL traffic. Typically, SSL ports are 443 or other non-standard ports not commonly associated with non-SSL traffic.
  • Make sure to update any configurations (such as in web applications or reverse proxies) that might be affected by this change.
  • Remember to set up automatic renewal for your Let's Encrypt certificate, as it expires after 90 days.

How to restart to apply the changes?

The message "Configuration has been modified. To apply changes, please perform a graceful restart." in OpenLiteSpeed indicates that you've made changes to the configuration, but these changes are not yet active. A graceful restart is required to apply these new settings without dropping existing connections. Here's how to perform a graceful restart in OpenLiteSpeed:

Via the WebAdmin Console

  1. Access the WebAdmin Console:
      • Open your web browser and navigate to the OpenLiteSpeed WebAdmin console. This is usually at http://your_server_IP:7080.
  2. Navigate to Actions:
      • In the top right corner of the WebAdmin console, you should see an “Actions” menu.
  3. Perform a Graceful Restart:
      • From the "Actions" menu, select the option to perform a graceful restart. This might be labeled as “Graceful Restart,” “Restart,” or something similar.

Via Command Line

Alternatively, if you have SSH access to the server where OpenLiteSpeed is installed, you can perform a graceful restart via the command line:
  1. SSH into Your Server:
      • Use an SSH client to connect to your server. You will need the server's IP address, a valid user account, and the corresponding password or private key.
  2. Execute the Restart Command:
      • Once logged in, execute the following command to gracefully restart OpenLiteSpeed:
        • Adjust the path if your OpenLiteSpeed installation is in a different directory.

What Happens During a Graceful Restart?

  • A graceful restart ensures that the server continues to handle current requests without interruption while reloading the configuration to apply new changes.
  • New connections will be handled using the updated settings, while existing connections continue with the old settings until they are completed.

Post-Restart Verification

  • After performing the restart, verify that the server is functioning correctly.
  • Test the changes you made, such as accessing the new SSL-enabled port, to ensure everything is working as expected.

Important Notes

  • Ensure that you have the necessary permissions to perform a restart.
  • Keep in mind that while a graceful restart shouldn't cause downtime, it's still a significant operation. Make sure to monitor your server after the restart, especially if you made substantial configuration changes.