OpenLiteSpeed Server vHost cofiguration using terminal (With Let’s Encrypt SSL)

Spread the love

You can configure your virtual host using WebAdmin. But if you prefer, the terminal way, then follow the following steps.

The virtual host configuration is mainly kept in directory:


In the above directory you can see a file named: ‘httpd_config.conf’. Which is the main configuration file for the litespeed server.

Every virtual configuration file has to be referenced in the above file. You would also find an example for ‘Example’ named vhost. The ‘Example’ vhost file is located in below directory:


You can use that file to configure your own vhost. Below is the minimum vhost file that is required:

docRoot                   /home/domain/
 enableGzip                1
 cgroups                   0
 errorlog /home/logs/domain/error.log {
   useServer               1
   logLevel                DEBUG
   rollingSize             10M
 accesslog /home/logs/domain/access.log {
   useServer               0
   rollingSize             10M
   keepDays                30
   compressArchive         0
 index  {
   useServer               0
   indexFiles              index.html index.php
   autoIndex               0
   autoIndexURI            /_autoindex/default.php
 errorpage 404 {
   url                     /error404.html
 scripthandler  {
   add                     lsapi:lsphp php
 expires  {
   enableExpires           1
 accessControl  {
   allow                   *
 context / {
   location                $DOC_ROOT/
   allowBrowse             1
 rewrite  {
 RewriteFile .htaccess
 rewrite  {
   enable                  0
   logLevel                0

Note: Always chown and chgrp (there is a short way, that I don’t remember. Please comment below if you know) to the user and group of Litespeed server. (Usually user is ‘lsadm’ and group is ‘nobody’).

For SSL support use following commands on CentOS 8:

sudo dnf install epel-release

sudo dnf upgrade

sudo yum install snapd

sudo systemctl enable --now snapd.socket

sudo ln -s /var/lib/snapd/snap /snap


Your system will restart and then run the following to obtain the certificate:

sudo systemctl enable --now snapd.socket

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot certonly --webroot

Then it will ask few questions, answer them according to your website configuration. My answers were following (please read carefully, as some of the information needs to be changed, like email):

[root@faltutechLite ~]# sudo snap install --classic certbot
 certbot 1.10.1 from Certbot Project (certbot-eff✓) installed
 [root@faltutechLite ~]# sudo ln -s /snap/bin/certbot /usr/bin/certbot
 [root@faltutechLite ~]# sudo certbot certonly --webroot
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator webroot, Installer None
 Enter email address (used for urgent renewal and security notices)
  (Enter 'c' to cancel): [email protected]
 Please read the Terms of Service at You must
 agree in order to register with the ACME server. Do you agree?
 (Y)es/(N)o: y
 Would you be willing, once your first certificate is successfully issued, to
 share your email address with the Electronic Frontier Foundation, a founding
 partner of the Let's Encrypt project and the non-profit organization that
 develops Certbot? We'd like to send you email about our work encrypting the web,
 EFF news, campaigns, and ways to support digital freedom.
 (Y)es/(N)o: y
 Account registered.
 Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
 to cancel):,
 Requesting a certificate for and
 Performing the following challenges:
 http-01 challenge for
 http-01 challenge for
 Input the webroot for (Enter 'c' to cancel): /home/web/domain
 Select the webroot for
 1: Enter a new webroot
 2: /home/web/domain
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
 Waiting for verification…
 Cleaning up challenges
 Subscribe to the EFF mailing list (email: [email protected]).
 Congratulations! Your certificate and chain have been saved at:
 Your key file has been saved at:
 Your cert will expire on 2021-03-17. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew all of your certificates, run
 "certbot renew"
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:
 Donating to EFF:           

Now we certificate is saved at: /etc/letsencrypt/live/ and chain in /etc/letsencrypt/live/

You can use WebAdmin to setup the SSL or add the following line at the end of your configuration for vhost:

vhssl  {
   keyFile                 /etc/letsencrypt/live/
   certFile                /etc/letsencrypt/live/

Don’t forget to add a listener in master config file and map to your vhost.

vHost Mapping and listener mapping and SSL configuration can be easily done by using WebAdmin panel. I will end this here, and will come back later with more…