If you’re reading this article, there’s a big chance you’ve chosen one of our 1 Click Applications (aka 1CA), with an awesome application ready to be used as soon as your server is up and running.
Our tech engineers at SSD Nodes worked hard to save you time and effort, preparing the most demanded applications, and making sure you get the most up to date version of your preferred app, after having been fully tested and deployed to fit your needs.
And to make them even more secure, all our 1CAs are installed with an active HTTPS self-signed certificate that will secure your website and protect your customers’ online transactions, making sure their sensitive information, such as their credit card number and personal information are being securely transmitted.
In This Article
In this article, you'll manage your 1-Click application, configuring an SSL/TLS certificate from a certificate authority (CA) and using it instead of the pre-installed self-signed certificate.
You will also add a domain name to your server to be used as an address instead of the default server IP.
Use the following links to jump to the main topics:
- Understanding our 1CAs built-in Self-Signed Certificates
- Transforming your Self-Signed to a CA certificate
- Adding a Domain Name to Your Server
Note: If you haven't purchased a server yet, what are you waiting for? Visit our site now and get a hefty discount. Choose the server’s specifications that fit your needs, along with any of the 1 Click- Applications we offer (WordPress, Zabbix, phpMyAdmin, Webmin, Nextcloud, LAMP, LEMP, Grafana to name a few), complete your checkout, and in a couple of minutes, our building algorithms will hand you a beautiful application ready to be used!
Understanding Built-in Self-signed Certificates
Our built-in self-signed certificates create safer experiences for your customers, build more trust and improve conversions, protecting both customers and internal data.
Check more details here:
Trying Out Your Certificate
- Load your site in a browser by prefixing https:// to your website address. You will get a warning message, which is normal for a self-signed certificate.
- Click “ Advanced” or “More information” depending on the browser, and choose to proceed. Below is an example from Google Chrome.
The browser is just warning you that it can’t verify the identity of the server, since the certificate is not signed by any of its known certificate authorities.
After you do so, your browser will load your application’s welcome page, but with a noticeable symbol in front of your URL (aka website address).
In the above pop-up, click on “Certificate is not valid” for more details on the self-signed certificate.
Transforming Your Self-signed Certificate to a Valid CA Certificate
CA certificates can either be procured from Let's Encrypt or from other CA authorities.
Please check our special article discussing differences between Let's Encrypt & other CA-issued certificates, along with the essential information on how to procure both of these types.
To procure a Let's Encrypt certificate, follow the Creating The Let's Encrypt Certificate steps in this article.
After you procure your certificate (Let’s Encrypt or other), please refer to the following instructions, which describe installing the CA certificate on your web server.
Installing a CA Certificate for the APACHE Web Server
- Edit Apache’s default configuration file
nano /etc/apache2/sites-enabled/000-default.conf
- Replace the key and the certificate paths to the new values (highlighted in yellow in the below code).
<VirtualHost *:80> Define servername www.example.com ServerName ${SERVERNAME} RewriteEngine on RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem ServerName ${SERVERNAME} DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
- Restart Apache
sudo systemctl restart apache2
- Reload your browser and you will notice a secured padlock with a valid certificate message as follows. Below is an example from Google Chrome.
For more details, check out Secure Your Site Using HTTPS.
Installing a CA Certificate for the NGINX Web Server
- Edit Nginx’s default configuration file
nano /etc/nginx/sites-enabled/default
- Replace the key and the certificate paths to the new values (highlighted in yellow in the below code).
server { listen 80; listen [::]:80; server_name www.example.com; access_log off; location / { rewrite ^ https://$host$request_uri? permanent; } } server { listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; autoindex off; ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
- Restart Nginx
sudo systemctl restart nginx
- Reload your browser and you will notice a secured padlock with a valid certificate message as follows:
Common Parts For Both APACHE & NGINX
In the above pop-up, click on “Certificate is secure” for more details on the CA certificate.
Your website is now a CA certified and you can securely welcome any online transactions, paid subscriptions like eCommerce websites, memberships or charity and online fundraising. For more details, check out Secure Your Site Using HTTPS.
Adding a Domain Name to Your Server
In this section, we will explain how to add a server name to your server, in the two most popular web servers: Apache and Nginx.
After procuring the domain name from SSD Nodes or others (Example: example.com), you need to add a hostname mapping to your server’s IP (Example: www.example.com → 192.0.0.1)
Apache Domain Name
- Edit Apache’s default configuration file
nano /etc/apache2/sites-enabled/000-default.conf
For the moment, you will see that the “servername” attribute is the IP address automatically assigned to you. As an example:
<VirtualHost *:80> Define servername 192.0.0.1 ServerName ${SERVERNAME} RewriteEngine on RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/ssl/certs/apache-selfsigned.pem SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key ServerName ${SERVERNAME} DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
- Replace the existing IP with your domain name, which rights you would have purchased earlier, from a registrar entity (like GoDaddy, Namecheap, Network Solutions, etc.) by replacing the yellow highlighted part below.
<VirtualHost *:80> Define servername www.example.com ServerName ${SERVERNAME} RewriteEngine on RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/ssl/certs/apache-selfsigned.pem SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key ServerName ${SERVERNAME} DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
- Enable SSL and RewriteEngine modules on Apache
sudo a2enmod ssl rewrite
- Test for configuration errors
sudo apache2ctl configtest
The below output means you can safely reload Apache, otherwise, you will get a very specific description pointing out the error you have to fix.
Syntax OK
- Restart Apache
sudo systemctl restart apache2
Testing Your Apache Domain Name
Open your preferred browser, and type your website’s domain name along with the https prefix.
Example: https://www.example.com, then tap “Enter”, and you should notice that your site will load its default home page, while preserving your domain name in the URL. Example: https://www.example.com/landingpages/index.html
Nginx Domain Name
- Edit Nginx’s default configuration file
nano /etc/nginx/sites-enabled/default
For the moment, you will see that the “server_name” attribute is the IP address automatically assigned to you. As an example:
server { listen 80; listen [::]:80; server_name 192.0.0.1; access_log off; location / { rewrite ^ https://$host$request_uri? permanent; } } server { listen 443 ssl; listen [::]:443 ssl; server_name 192.0.0.1; root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; autoindex off; ssl_certificate /etc/ssl/certs/apache-selfsigned.pem; ssl_certificate_key /etc/ssl/private/apache-selfsigned.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
- Replace the existing IP with your domain name, which rights you would have purchased earlier, from a registrar entity (like GoDaddy, Namecheap, Network Solutions, etc.) by replacing the yellow highlighted part below.
server { listen 80; listen [::]:80; server_name www.example.com; access_log off; location / { rewrite ^ https://$host$request_uri? permanent; } } server { listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; autoindex off; ssl_certificate /etc/ssl/certs/apache-selfsigned.pem; ssl_certificate_key /etc/ssl/private/apache-selfsigned.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
- Restart Nginx
sudo systemctl restart nginx
Setting up a Domain Name for NextCloud with Nginx
For NextCloud, you also need to add your domain name to your NextCloud’s trusted domain list, in addition to configuring it in your Nginx configuration file.
First open the NextCloud configuration file:
nano /var/www/nextcloud/config/config.php
Then modify the trusted_domains
array to include your new domain name:
'trusted_domains' =>
array (
0 => 'your_ip_address',
1 => 'yourdomain.com',
),
Make sure you’ve added your domain name to your Nginx configuration, then restart it:
sudo systemctl restart nginx
Testing Your Nginx Domain Name
Open your preferred browser, and type your website’s domain name along with the https prefix.
Example: https://www.example.com, then tap “Enter”, and you should notice that your site will load its default home page, while preserving your domain name in the URL.
Setting up Let's Encrypt for the Grafana 1-Click Application
Grafana uses custom configurations for its server, and to add a Let's Encrypt certificate to your Grafana 1-Click application, you'll need to use Certbot to generate a certificate, then modify file permissions and the Grafana configuration file. This section will walk you through the process.
1) Generate a Let's Encrypt Certificate with Certbot
First, install certbot
:
sudo apt install -y certbot
This installs the Certbot tool, which automates the process of obtaining and renewing Let's Encrypt SSL certificates.
Then generate a certificate:
sudo certbot certonly --standalone
The --standalone
option tells Certbot to use its own web server to verify domain ownership.
You will be asked to answer a few questions, input the following for each prompt:
1. (Your email)
2. (Y)
3. (N)
4. your_domain_name
These prompts are for:
- Your email address (for important notifications about your certificate)
- Agreeing to the Let's Encrypt terms of service
- Declining to share your email with the Electronic Frontier Foundation
- The domain name you want to secure with SSL
Then you will receive your Let's Encrypt certificate file and a private key:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your_domain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your_domain.com/privkey.pem
This certificate expires on 2024-11-25.
2) Set up Grafana to Use the New Certificate
Rename the existing self-signed certificate files:
mv /etc/grafana/grafana.key /etc/grafana/grafana_old.key
mv /etc/grafana/grafana.pem /etc/grafana/grafana_old.pem
This backs up the original self-signed certificates in case you need to revert changes.
Set up symlinks for the certificates you just generated:
sudo ln -s /etc/letsencrypt/live/your_domain.com/fullchain.pem /etc/grafana/grafana.pem
sudo ln -s /etc/letsencrypt/live/your_domain.com/privkey.pem /etc/grafana/grafana.key
These symlinks allow Grafana to use the Let's Encrypt certificates without modifying its configuration.
Adjust permissions:
sudo chgrp -R grafana /etc/letsencrypt/*
sudo chmod -R g+rx /etc/letsencrypt/*
sudo chown -R grafana /etc/letsencrypt/*
sudo chown grafana /etc/grafana/*
sudo chgrp -R grafana /etc/grafana/grafana.pem /etc/grafana/grafana.key
sudo chmod 400 /etc/grafana/grafana.pem /etc/grafana/grafana.key
This ensures that the Grafana service has the necessary permissions to read the certificate files.
Verify the permissions:
ls -l /etc/grafana/grafana.*
The output should be as follows:
-rw-r----- 1 grafana grafana 67167 May 27 17:11 /etc/grafana/grafana.ini
lrwxrwxrwx 1 root grafana 50 May 28 11:27 /etc/grafana/grafana.key -> /etc/letsencrypt/live/your_domain.com/privkey.pem
lrwxrwxrwx 1 root grafana 52 May 28 11:27 /etc/grafana/grafana.pem -> /etc/letsencrypt/live/your_domain.com/fullchain.pem
3) Configure Grafana
Next, open the Grafana config file:
nano /etc/grafana/grafana.ini
Then modify the domain parameter:
[server]
;domain = localhost
Uncomment the parameter and set up your domain:
[server]
domain = your_domain.com
This tells Grafana which domain name to use for HTTPS.
4) Restart Grafana
Finally, restart the Grafana service to apply the changes:
systemctl restart grafana-server
systemctl status grafana-server
The status
command will show you if Grafana started successfully with the new configuration.
Grafana will now be served on port 3000
using HTTPS with your new Let's Encrypt certificate:
https://your_domain.com:3000/
Conclusion
That's it, you now have your 1-click application configured with an SSL/TLS certificate from a certificate authority, and a domain name for your 1-click applications.
A note about tutorials: We encourage our users to try out tutorials, but they aren't fully supported by our team—we can't always provide support when things go wrong. Be sure to check which OS and version it was tested with before you proceed.
If you want a fully managed experience, with dedicated support for any application you might want to run, contact us for more information.