Here is a short guide on how to add HTTPS / SSL Certificates to your WordPress website.
SSL certificates are used by web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free. Certbot makes the process of setting up and renewing the certificates really easy.
To be able to complete all the steps, you need to have access to the following:
- You must have sudo access to the server where WordPress is installed and running.
- WordPress must be installed and running on Port 80.
- The server must be running Apache on some version of Ubuntu.
- You must have a domain name that you want to enable SSL for.
If you have setup WordPress on DigitalOcean, you are probably good to proceed.
1. Install Certbot
SSH into your server: SSH into the server running your HTTP website as a user with sudo privileges. You can get this from your DigitalOcean console. You can do this via:
Install Certbot: Run these commands on the command line on the machine to install Certbot.
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
This will install certbot and let the
root user have access to read, write, and execute.
2. Choose how you’d like to run Certbot
Automatic Setup: If you want Certbot to automatically:
- Create the certificate for you
- Edit your Apache configuration to server the certificate
- Enable HTTPS and setup redirects so your HTTP traffic gets forwarded to HTTPS
Run this command:
sudo /usr/local/bin/certbot-auto --apache
Alternate Manual Setup: If you want to make changes to your Apache configuration by hand, run this command:
sudo /usr/local/bin/certbot-auto certonly --apache
Either way, you will be guided through a setup flow where Certbot will ask for your domain name, email address, and provision the certificates.
3. Setup Automatic Renewal
Run the following line of code to setup a cron job that will try to auto renew the certificate twice every day, if it has expired.
echo "0 0, 12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
4. Verify that renewals work with a dry run
Run this command to verify that auto-renewals will work.
sudo /usr/local/bin/certbot-auto renew --dry-run
If you get an all-clear, then you’re all set.
5. Verify your live website
Finally, let’s verify that your site is setup correctly. To do this, visit https://yourwebsite.com/ and look for the lock icon in the URL bar. You can also visit https://www.ssllabs.com/ssltest/ , enter your domain name, and verify that your certificates are valid.
Now you have WordPress setup with HTTPS/SSL Certificates. Go and brew some tea, you deserve it. ☕ If you have any questions, message me on Twitter.