How to Guide: Setup FREE SSL Certificates & Secure your WordPress Multi-sites.

linux display
TechnologyLeave a Comment on How to Guide: Setup FREE SSL Certificates & Secure your WordPress Multi-sites.

How to Guide: Setup FREE SSL Certificates & Secure your WordPress Multi-sites.

Want to setup LetsEncrypt SSL Certificate for your wordpress site, but don’t know where to begin?
You are in the right place. I’m going to guide you how to do it step-by-step.

Why LetsEncrypt?

LetsEncrypt is a free open certificate authority — basically enable HTTPS for your website/domain name for FREE. It’s pretty awesome.

If you don’t know why HTTPS matters, please read here.

Disclaimer

This guide isn’t quite for a complete novice. You’ll need basic knowledge of your web host server, DNS, and shell access.

I’ve posted this article previously at Medium.

Prerequisite:

    • SSH access and root privilege to your web host/server.
    • Your own domain name(s).
    • You’ve already setup DNS for your domain name (i.e. A Record, Nameserver, etc).
  • Here is my setup for WordPress Multi-site

    • Google Compute Engine Instance (aka Google Cloud).
    • Bitnami with Debian 8, Apache2, and WP-Multisites.

1st Step: Enable Jessie Backport on Debian 8

This step is required for the web server with Apache2 on Debian 8.

Open /etc/apt/sources.list

and add the following

deb http://ftp.debian.org/debian jessie-backports main

Then

Run the following from your command line.

apt-get -t jessie-backports install "package"

For more info about Jessie backport, go this link.

2nd Step: Install Certbot on your Server

You can go to Certbot website to see which version to install if you use a different server configuration/software — mine is Apache2 on Debian 8.

sudo apt-get install python-certbot-apache -t jessie-backports

3rd Step: Acquire SSL Certificate for your Domain

For this guide, we are going to assume that you need HTTPS for each of your domain name.

Since my Apache webserver and WordPress are configured with Bitnami,

Run the following command

sudo certbot certonly — webroot -w /opt/bitnami/apps/APPNAME/htdocs/ -d DOMAIN

If your server isn’t configured with Bitnami.

Run the following command instead

sudo certbot certonly — webroot -w APP_PUBLIC_PATH -d DOMAIN

where

  • APPNAME = your application name (i.e. wordpress)
  • APP_PUBLIC_PATH = htdocs or public folder
  • DOMAIN=your domain name (i.e. example.com)

If succeed, you’ll get a message

“Congratulation” your certificates will be stored in /opt/letsencrypt/live/DOMAIN/…..

Each certificate (per domain name) will consist of 2 things (you’ll need these for step#5):

  • fullchain.pem
  • privkey.pem

Repeat this step for the rest of your domain names.

Also, don’t forget to backup these certificates.

4th Step: Ensure your Virtual Host is Setup Correctly

For Apache server with Bitnami configuration, make sure Apache2 vhosts.conf in /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf is linked to your app.

Make sure the following line is included in bitnami-apps-vhosts.conf file:

Include "/opt/bitnami/apps/APP/conf/httpd-vhosts.conf"

where APP = your application name (i.e. WordPress)

5th Step: Setup Virtual Host with SSLCertificateFile and SSLCertificateKeyFile for each Domain Name

Open httpd-vhosts.conf.

For Bitnami configuration, it’s located at /opt/bitnami/apps/APP/conf/httpd-vhosts.conf.

Add (or updating if existing) the following for each of your domain name:

 <VirtualHost *:443>
    ServerName DOMAINNAME
    ServerAlias www.DOMAINNAME
    DocumentRoot "/opt/bitnami/apps/APP/htdocs"
    SSLEngine on
    SSLCertificateFile "PATH_TO_FULLCHAIN_PM"
    SSLCertificateKeyFile "PATH_TO_PRIVATE_PM"
    Include "/opt/bitnami/apps/APP/conf/httpd-app.conf"
 </VirtualHost>

Remember step#3? We need to refer SSL Certificate File and Keyfile to fullchain.pm and privkey.pm.

PATH_FULL_CHAIN_PM is located in /opt/letsencrypt/live/YOURDOMAINNAME/fullchain.pm.

PATH_TO_PRIVATE_PM is located in /opt/letsencrypt/live/YOURDOMAINNAME/privkey.pm.

6th Step: Restart your Apache

For Apache webserver with Bitnami configuration,

Run the following command:

sudo /opt/bitnami/ctlscript.sh restart apache

7th Step: Test your Website with HTTPS

Open the web browser and type in your domain name with https (i.e. https://example.com).

If you are able to access your website, congratulation you’ve secured your website.

I am a professional software/game developer and entrepreneur. I write about technology in weird places, solo traveling, digital nomad-lifestyle, and random ranting topics.

Leave a Reply

Back To Top