This guide describes how to add a LetsEncrypt SSL certificate to your apache WordPress site.
LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Rather than pay for a certificate, we can use LetsEncrypt to provide our users with a secure, encrypted connection.
Before we begin, some of the things you’ll need are:
- sudo-level SSH access to your server. (Note: If don’t have SSH access, check here to see if your host is supported)
- A domain name that points to the IP of your WordPress site
Step 1: Install Certbot
$ cd && wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
Note: Follow instructions here if you’re not using a Debian distro)
Step 2: Generate a Certificate
$ cd && ./certbot-auto certonly
When prompted, type “Y” to continue:
Once finished, select “2” to place files into your websites root folder:
Enter your full domain name:
Enter your web root, typically /var/www/ or /var/www/wordpress:
Confirm your certificate has generated successfully. If it hasn’t, repeat Step 2 and try a different web root:
Step 3: Automating Renewal
Test automatic renewal for your certificates:
$ cd && ./certbot-auto renew --dry-run
Edit the crontab:
$ crontab -e
Add these lines at the bottom:
0 0 * * * cd && ./certbot-auto renew --quiet --no-self-upgrade 0 12 * * * cd && ./certbot-auto renew --quiet --no-self-upgrade
This tells cron to check for renewal twice a day:
Step 4: Adding the Certificate to WordPress
Modify the file /etc/apache2/sites-available/wordpress so that the <VirtualHost *:443> section matches the following:
Where jamescoote.co.uk is replaced with your full domain name entered during the LetsEncrypt setup.
(Note: Your site-available may be called something different i.e. default. Find the one that relates to your WordPress installation.)
sudo service apache2 restart
Test your new certificate by visiting https://<yoursite>.
Back in WordPress, install the plugin Easy HTTPS (SSL) Redirection.
Go to the plugin’s settings and tick “Enable automatic redirection” and select “The whole domain.”
Save changes. Now visit http://<yoursite> and confirm you are automatically re-directed to the https version. You are now ready to go!