en-gb version + index

fabienOVH · fabienOVH · commit 3fdd1c732883 · 2025-01-24T12:16:58.000+01:00
diff --git a/pages/bare_metal_cloud/virtual_private_servers/install-ssl-certificate/guide.en-gb.md b/pages/bare_metal_cloud/virtual_private_servers/install-ssl-certificate/guide.en-gb.md
@@ -0,0 +1,270 @@
+---
+title: 'How to install an SSL certificate on a VPS'
+excerpt: 'Find out how to install an SSL certificate on an OVHcloud VPS'
+updated: 2025-01-24
+---
+
+## Objective
+
+Securing your website is essential to protect your users' sensitive data and improve their trust. With an SSL certificate (**S**ecure **S**ockets **L**ayer), you can encrypt the exchanges between your visitors and your website, while strengthening its credibility. This guide documents the use of **Let's Encrypt**, a free and automated service.
+
+**Find out how to install an SSL certificate on an OVHcloud VPS.**
+
+> [!warning]
+>
+> OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.
+>
+> We offer this tutorial to help you with common tasks. Nevertheless, we recommend contacting a [specialist provider](/links/partner) and/or the service's publisher if you encounter any difficulties. We will not be able to assist you. More information in the [Go further](#gofurther) section of this tutorial.
+>
+
+## Requirements
+
+- A [Virtual Private Server](/links/bare-metal/vps) in your OVHcloud account
+- Administrative access (sudo) via SSH to your server
+- A functional website accessible in `HTTP`
+
+## Instructions
+
+### Summary
+
+- [Step 1 - Log in to your OVHcloud VPS](#step1)
+- [Step 2 - Install Certbot](#step2)
+- [Step 3 - Get an SSL certificate with Let's Encrypt](#step3)
+- [Step 4 - Configure your web server](#step4)
+- [Step 5 - Enable automatic renewal](#step5)
+
+### Step 1 - Log in to your OVHcloud VPS <a name="step1"></a>
+
+1. Download an SSH client like [PuTTY](/pages/web_cloud/web_hosting/ssh_using_putty_on_windows) or use your operating system's built-in terminal.
+
+2. Log in to your OVHcloud VPS with the login information provided:
+
+```bash
+ssh root@<vps_ip>
+```
+Replace `<vps_ip>` with the IP address of your OVHcloud VPS.
+
+### Step 2 - Install Certbot <a name="step2"></a>
+
+Certbot is a tool to automatically manage Let's Encrypt certificates. Follow the steps below to install Certbot according to your Linux distribution.
+
+> [!tabs]
+> **Ubuntu/Debian**
+>>
+>> ```bash
+>> sudo apt update
+>> sudo apt install certbot
+>> ```
+>>
+> **CentOS**
+>>
+>> ```bash
+>> sudo yum install epel-release
+>> sudo yum install certbot
+>> ```
+>>
+> **Fedora**
+>>
+>> ```bash
+>> sudo dnf install certbot
+>> ```
+
+Verify that Certbot is properly installed by running the following command:
+
+```bash
+certbot --version
+```
+
+This should show the version of Certbot installed.
+
+### Step 3 - Get an SSL certificate with Let's Encrypt <a name="step3"></a>
+
+> [!primary]
+>
+> If you have set up your web server (Nginx or Apache), we recommend using Certbot plugins to automate SSL configuration and enable `HTTPS` redirections. These plugins simplify the installation by directly managing the configuration files of the web server.
+
+#### Automatic use with Certbot Nginx or Apache plugins (recommended)
+
+Depending on your web server, use the corresponding command lines:
+
+> [!tabs]
+> **Nginx**
+>>
+>> Install the Certbot Nginx plugin:
+>>
+>> ```bash
+>> sudo apt install python3-certbot-nginx -y
+>> ```
+>>
+>> Generate the SSL certificate:
+>>
+>> ```bash
+>> sudo certbot --nginx -d your_domain
+>> ```
+>>
+> **Apache**
+>>
+>> Install the Apache Certbot plugin:
+>>
+>> ```bash
+>> sudo apt install python3-certbot-apache -y
+>> ```
+>>
+>> Generate the SSL certificate:
+>>
+>> ```bash
+>> sudo certbot --apache -d your_domain
+>> ```
+
+Certbot will automatically configure the SSL certificate and `HTTPS` redirection. Check that your website is accessible in `HTTPS`.
+
+#### Standalone usage
+
+If you prefer to configure your server manually, use Certbot in standalone mode. This mode uses a temporary server built into Certbot to validate your domain name and generate an SSL certificate.
+
+Use the following command to request a certificate:
+
+```bash
+sudo certbot certonly --standalone -d your_domain
+```
+
+Replace `your_domain` with your domain name.
+
+> [!warning]
+> This method temporarily stops any service using port 80 (for example, another web server).
+
+Once the certificate has been generated, the files are available in `/etc/letsencrypt/live/your_domain/`:
+
+- `fullchain.pem`: the full certificate.
+- `privkey.pem`: the private key.
+
+### Step 4 - Configure your web server <a name="step4"></a>
+
+> [!primary]
+> If you have used the automatic solution (with Certbot plugins) before ([Step 3](#step3)) and your website is accessible in `HTTPS`, go to [step 5](step 5).
+
+#### Example for Nginx
+
+1\. Open your website's configuration file (for example, `/etc/nginx/sites-available/your_domain.conf`).
+
+2\. Add the following lines to activate SSL:
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name your_domain;
+
+    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
+
+    # Paramètres de sécurité supplémentaires
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # Redirection HTTP vers HTTPS
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
+```
+
+3\. Add an automatic `HTTP` to `HTTPS` redirection:
+
+```nginx
+server {
+    listen 80;
+    server_name your_domain;
+    return 301 https://$host$request_uri;
+}
+```
+
+4\. Test and restart Nginx:
+
+```bash
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+Check that your website is accessible in `HTTPS`.
+
+#### Example for Apache
+
+1\. Enable SSL modules and headers:
+
+```bash
+sudo a2enmod ssl
+sudo a2enmod headers
+```
+
+2\. Modify your website's configuration (e.g. `/etc/apache2/sites-available/your_domain.conf`) to include:
+
+```apache
+<VirtualHost *:80>
+    ServerName your_domain
+    DocumentRoot /var/www/your_domain
+
+    Redirect permanent / https://your_domain/
+
+    <Directory /var/www/your_domain>
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
+    CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName your_domain
+    DocumentRoot /var/www/your_domain
+
+    # Activer SSL
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
+
+    # Paramètres de sécurité supplémentaires
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite HIGH:!aNULL:!MD5
+    SSLHonorCipherOrder on
+
+    <Directory /var/www/your_domain>
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/ssltest_error.log
+    CustomLog ${APACHE_LOG_DIR}/ssltest_access.log combined
+</VirtualHost>
+```
+
+4\. Test and restart Apache:
+
+```bash
+sudo apachectl configtest
+sudo systemctl restart apache2
+```
+
+Check that your website is accessible in `HTTPS`.
+
+### Step 5 - Enable automatic renewal <a name="step5"></a>
+
+Let's Encrypt certificates are valid for 90 days. Configure automatic renewal with Certbot:
+
+Test automatic renewal:
+
+```bash
+sudo certbot renew --dry-run
+```
+
+Certbot automatically configures a `cron` task or a systemd timer to manage renewal. Check its status with:
+
+```bash
+sudo systemctl list-timers | grep certbot
+```
+
+## Go further <a name="go-further"></a>
+
+For specialized services (SEO, development, etc.), contact the [OVHcloud partners](/links/partner).
+
+Join our [community of users](/links/community).
diff --git a/pages/bare_metal_cloud/virtual_private_servers/install-ssl-certificate/guide.fr-fr.md b/pages/bare_metal_cloud/virtual_private_servers/install-ssl-certificate/guide.fr-fr.md
@@ -21,7 +21,7 @@ La sécurisation de votre site web est essentielle pour protéger les données s
 
 - Disposer d'une offre [VPS](/links/bare-metal/vps)
 - Disposer d'un accès administrateur (sudo) via SSH à votre VPS
-- Disposer d'un site web fonctionnel accessible en http
+- Disposer d'un site web fonctionnel accessible en `HTTP`
 
 ## En pratique
 
@@ -81,7 +81,7 @@ Cela doit afficher la version de Certbot installée.
 
 > [!primary]
 >
-> Si vous avez installé votre serveur web (Nginx ou Apache), nous vous recommandons d'utiliser les plugins Certbot pour automatiser la configuration SSL et activer les redirections HTTPS. Ces plugins simplifient l'installation en gérant directement les fichiers de configuration du serveur web.
+> Si vous avez installé votre serveur web (Nginx ou Apache), nous vous recommandons d'utiliser les plugins Certbot pour automatiser la configuration SSL et activer les redirections `HTTPS`. Ces plugins simplifient l'installation en gérant directement les fichiers de configuration du serveur web.
 
 #### Utilisation automatique avec les plugins Certbot Nginx ou Apache (recommandée)
 
@@ -116,7 +116,7 @@ Selon votre serveur web, utilisez les lignes de commandes correspondantes :
 >> sudo certbot --apache -d your_domain
 >> ```
 
-Certbot configurera automatiquement le certificat SSL et la redirection HTTPS. Vérifiez que votre site web est accessible en `https`.
+Certbot configurera automatiquement le certificat SSL et la redirection `HTTPS`. Vérifiez que votre site web est accessible en `HTTPS`.
 
 #### Utilisation en mode autonome
 
@@ -141,7 +141,7 @@ Une fois le certificat généré, les fichiers sont disponibles dans `/etc/letse
 ### Étape 4 - Configurez votre serveur web <a name="step4"></a>
 
 > [!primary]
-> Si vous avez utilisé la solution automatique (avec les plugins Certbot) précédemment ([Étape 3](#step3)) et que votre site web est accessible en `https`, passez à l'[étape 5](step5).
+> Si vous avez utilisé la solution automatique (avec les plugins Certbot) précédemment ([Étape 3](#step3)) et que votre site web est accessible en `HTTPS`, passez à l'[étape 5](step5).
 
 #### Exemple pour Nginx
 
@@ -168,7 +168,7 @@ server {
 }
 ```
 
-3\. Ajoutez une redirection automatique HTTP vers HTTPS :
+3\. Ajoutez une redirection automatique `HTTP` vers `HTTPS` :
 
 ```nginx
 server {
@@ -185,7 +185,7 @@ sudo nginx -t
 sudo systemctl reload nginx
 ```
 
-Vérifiez que votre site web est accessible en `https`.
+Vérifiez que votre site web est accessible en `HTTPS`.
 
 #### Exemple pour Apache
 
@@ -245,7 +245,7 @@ sudo apachectl configtest
 sudo systemctl restart apache2
 ```
 
-Vérifiez que votre site web est accessible en `https`.
+Vérifiez que votre site web est accessible en `HTTPS`.
 
 ### Étape 5 - Activez le renouvellement automatique <a name="step5"></a>
 
diff --git a/pages/index.md b/pages/index.md
@@ -226,6 +226,7 @@
             + [FAQ](bare_metal_cloud/virtual_private_servers/vps-faq)
             + [How to configure user accounts and root access on a server](bare_metal_cloud/dedicated_servers/changing_root_password_linux_ds)
             + [How to secure a VPS](bare_metal_cloud/virtual_private_servers/secure_your_vps)
+            + [How to install an SSL certificate on a VPS](bare_metal_cloud/virtual_private_servers/install-ssl-certificate)
             + [How to get started with SSH](bare_metal_cloud/dedicated_servers/ssh_introduction)
             + [How to create and use SSH keys](bare_metal_cloud/dedicated_servers/creating-ssh-keys-dedicated)
             + [How to store public authentication keys in the OVHcloud Control Panel](bare_metal_cloud/dedicated_servers/import-keys-control-panel)
