In OpenLiteSpeed web server, setting up a SSL certificate for a domain is a bit tricky. In this article I will show how to setup Cloudflare’s free SSL certificate for a domain name. Before we begin, make sure that your domain is using Cloudflare’s DNS.

Getting certificate from Cloudflare

  1. Login to your Cloudflare dashboard and select your domain.

  2. Click on “Crypto” tab and within SSL settings, select “Full (strict)”

<img class="alignnone size-full wp-image-99" src="/uploads/2019/04/cf_strict.png" alt="" width="1073" height="539" srcset="/uploads/2019/04/cf_strict.png 1073w, /uploads/2019/04/cf_strict-768x386.png 768w" sizes="(max-width: 1073px) 100vw, 1073px" />

  1. Scroll down a bit and within “Origin Certificates” settings, click “Create Certificate”

<img class="alignnone size-full wp-image-100" src="/uploads/2019/04/create_cert.png" alt="" width="1009" height="152" srcset="/uploads/2019/04/create_cert.png 1009w, /uploads/2019/04/create_cert-768x116.png 768w" sizes="(max-width: 1009px) 100vw, 1009px" />

  1. A pop up window will open. Under the “List the hostnames”, you will see your domain name. If you want to host multiple domains in your web server, then you can also add those domains in that field. Make sure that certificate validity is set to 15 years. Now click next. You will see the certificate file and along with key file that has been generated according to your domain name. We need that certificate file and key file later for the web server.

  2. Do not close the window and copy the contents of the “Origin Certificate” box. Create an empty file named “ssl.pem” and paste the copied contents within that file. Follow the similar step for “Private key” and save the file as “ssl.key”

Our work in Cloudflare is done.

Setup Web Server to use generated certificates

First, transfer those .pem and .key files to /usr/local/lsws/conf/cert directory. Now to use those files in our Web Server, we need to configure the SSL settings for port 443 listener.

  1. Login to OpenLiteSpeed control panel and navigate to “Listeners” and click “Add”

<img class="alignnone size-full wp-image-102" src="/uploads/2019/04/ssl_listener_add.png" alt="" width="1658" height="660" srcset="/uploads/2019/04/ssl_listener_add.png 1658w, /uploads/2019/04/ssl_listener_add-768x306.png 768w" sizes="(max-width: 1658px) 100vw, 1658px" />

Set the following values:

Listener name: 443 (or any name)
IP Address: ANY
Port: 443
Secure: Yes

Click Save icon

<img class="alignnone size-full wp-image-103" src="/uploads/2019/04/ssl_listener_save.png" alt="" width="1661" height="683" srcset="/uploads/2019/04/ssl_listener_save.png 1661w, /uploads/2019/04/ssl_listener_save-768x316.png 768w" sizes="(max-width: 1661px) 100vw, 1661px" />

  1. Your newly created listener will be added to listener list. Now click “View” to open the listener

<img class="alignnone size-full wp-image-104" src="/uploads/2019/04/ssl_open_listener.png" alt="" width="1363" height="73" srcset="/uploads/2019/04/ssl_open_listener.png 1363w, /uploads/2019/04/ssl_open_listener-768x41.png 768w" sizes="(max-width: 1363px) 100vw, 1363px" />

  1. Go to “SSL” tab and click edit

<img class="alignnone size-full wp-image-105" src="/uploads/2019/04/ssl_edit.png" alt="" width="1415" height="685" srcset="/uploads/2019/04/ssl_edit.png 1415w, /uploads/2019/04/ssl_edit-768x372.png 768w" sizes="(max-width: 1415px) 100vw, 1415px" />

  1. Fill out the following values:
Private Key File: /usr/local/lsws/conf/cert/server.key
Certificate FIle: /usr/local/lsws/conf/cert/server.pem

Save the settings.

  1. Get back to the “SSL” tab and click “Edit” icon in “SSL Protocol” settings

<img class="alignnone size-full wp-image-106" src="/uploads/2019/04/ssl_protocol.png" alt="" width="1417" height="200" srcset="/uploads/2019/04/ssl_protocol.png 1417w, /uploads/2019/04/ssl_protocol-768x108.png 768w" sizes="(max-width: 1417px) 100vw, 1417px" />

  1. Select all the checkboxes in “Protocol Version” and click save icon
    <img class="alignnone size-full wp-image-107" src="/uploads/2019/04/ssl_protocol_ver_save.png" alt="" width="1433" height="306" srcset="/uploads/2019/04/ssl_protocol_ver_save.png 1433w, /uploads/2019/04/ssl_protocol_ver_save-768x164.png 768w" sizes="(max-width: 1433px) 100vw, 1433px" />

  2. Now head back to the “Listeners” > “General” tab. Under “Virtual Host Mappings”, click “Add”
    <img class="alignnone size-full wp-image-108" src="/uploads/2019/04/ssl_virtual_host_map.png" alt="" width="1671" height="670" srcset="/uploads/2019/04/ssl_virtual_host_map.png 1671w, /uploads/2019/04/ssl_virtual_host_map-768x308.png 768w" sizes="(max-width: 1671px) 100vw, 1671px" />

  3. Set “Virtual Host” for your domain and specify the domain name ( If you didn’t create a Virtual Host for your domain, we recommand you to follow how to setup virtual host for a domain. Click save icon.

Now try to visit your domain with https protocol. If you follow all the above steps correctly, it should work. If it doesn’t, check your Web Server log for error details.