Want to set up a LetsEncrypt SSL certificate for your WordPress site, but don’t know where to begin?
You are in the right place. I’m going to guide you through it step by step.
Why LetsEncrypt?
LetsEncrypt is a free, open certificate authority: it lets you enable HTTPS for your website/domain name for FREE. It’s pretty awesome.
If you don’t know why HTTPS matters, please read here.
Disclaimer
This guide isn’t quite for a complete novice. You’ll need basic knowledge of your web host server, DNS, and shell access.
I’ve posted this article previously at Medium.
Prerequisite:
- SSH access and root privilege to your web host/server.
- Your own domain name(s).
- You’ve already set up DNS for your domain name (e.g. A Record, Nameserver, etc).
Here is my setup for WordPress Multi-site
- Google Compute Engine Instance (aka Google Cloud).
- Bitnami with Debian 8, Apache2, and WP-Multisites.
1st Step: Enable Jessie Backport on Debian 8
This step is required for the web server with Apache2 on Debian 8.
Open /etc/apt/sources.list and add the following line:
deb http://ftp.debian.org/debian jessie-backports main
Then run the following from your command line, where "package" is the name of the package to install:
apt-get -t jessie-backports install "package"
For more info about Jessie backports, go to this link.
2nd Step: Install Certbot on your Server
You can go to the Certbot website to see which version to install if you use a different server configuration/software; mine is Apache2 on Debian 8.
sudo apt-get install python-certbot-apache -t jessie-backports
3rd Step: Acquire SSL Certificate for your Domain
For this guide, we are going to assume that you need HTTPS for each of your domain names.
If, like mine, your Apache web server and WordPress are configured with Bitnami, run the following command:
sudo certbot certonly --webroot -w /opt/bitnami/apps/APPNAME/htdocs/ -d DOMAIN
If your server isn’t configured with Bitnami, run the following command instead:
sudo certbot certonly --webroot -w APP_PUBLIC_PATH -d DOMAIN
where
- APPNAME = your application name (e.g. wordpress)
- APP_PUBLIC_PATH = the path to your htdocs or public folder
- DOMAIN = your domain name (e.g. example.com)
If it succeeds, you’ll get a “Congratulations” message saying that your certificates are stored in /opt/letsencrypt/live/DOMAIN/…..
Each certificate (per domain name) consists of 2 files (you’ll need these for step 5):
- fullchain.pem
- privkey.pem
Repeat this step for the rest of your domain names.
Also, don’t forget to back up these certificates.
4th Step: Ensure your Virtual Host is Set Up Correctly
For an Apache server with Bitnami configuration, make sure the Apache2 vhosts file at /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf is linked to your app.
Make sure the following line is included in the bitnami-apps-vhosts.conf file:
Include "/opt/bitnami/apps/APP/conf/httpd-vhosts.conf"
where APP = your application name (e.g. WordPress)
5th Step: Set Up Virtual Host with SSLCertificateFile and SSLCertificateKeyFile for each Domain Name
Open httpd-vhosts.conf.
For Bitnami configuration, it’s located at /opt/bitnami/apps/APP/conf/httpd-vhosts.conf.
Add the following for each of your domain names (or update it if it already exists):
<VirtualHost *:443>
  ServerName DOMAINNAME
  ServerAlias www.DOMAINNAME
  DocumentRoot "/opt/bitnami/apps/APP/htdocs"
  SSLEngine on
  SSLCertificateFile "PATH_TO_FULLCHAIN_PM"
  SSLCertificateKeyFile "PATH_TO_PRIVATE_PM"
  Include "/opt/bitnami/apps/APP/conf/httpd-app.conf"
</VirtualHost>
Remember step 3? SSLCertificateFile and SSLCertificateKeyFile need to point to fullchain.pem and privkey.pem.
PATH_TO_FULLCHAIN_PM is /opt/letsencrypt/live/YOURDOMAINNAME/fullchain.pem.
PATH_TO_PRIVATE_PM is /opt/letsencrypt/live/YOURDOMAINNAME/privkey.pem.
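A pre-restart check for this step, as an added example that is not part of the original guide. The function name check_vhosts is hypothetical; it reads an httpd-vhosts.conf and reports any *:443 block that lacks "SSLEngine on", points at a certificate or key file that does not exist (a mistyped extension, for instance), or uses a private key that group or other users can access.

```shell
#!/bin/sh
# Added example, not from the original guide. Lints every <VirtualHost *:443>
# block in an httpd-vhosts.conf: prints one line per problem, returns 1 if any.
# Assumes one directive per line and file paths without spaces.
# Usage: check_vhosts /opt/bitnami/apps/APP/conf/httpd-vhosts.conf
check_vhosts() {
    # awk emits "ServerName|SSLEngine|certfile|keyfile" for each :443 block.
    awk '
        function unq(s) { gsub(/"/, "", s); return s }
        { d = tolower($1) }
        d == "<virtualhost" && $2 ~ /:443>$/ { inv = 1; name = eng = crt = key = ""; next }
        !inv                         { next }
        d == "servername"            { name = $2 }
        d == "sslengine"             { eng = tolower($2) }
        d == "sslcertificatefile"    { crt = unq($2) }
        d == "sslcertificatekeyfile" { key = unq($2) }
        d == "</virtualhost>"        { print name "|" eng "|" crt "|" key; inv = 0 }
    ' "$1" | (
        rc=0
        while IFS='|' read -r name eng crt key; do
            [ "$eng" = "on" ] || { echo "$name: SSLEngine is not on"; rc=1; }
            for f in "$crt" "$key"; do
                [ -n "$f" ] && [ -f "$f" ] || { echo "$name: file not found: ${f:-<unset>}"; rc=1; }
            done
            # The private key must not be accessible by group or other users.
            if [ -f "$key" ] && [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
                echo "$name: private key is accessible by group/other: $key"; rc=1
            fi
        done
        exit "$rc"
    )
}
```

No output and a zero exit status mean every *:443 block passed all three checks.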
6th Step: Restart your Apache
For an Apache web server with Bitnami configuration, run the following command:
sudo /opt/bitnami/ctlscript.sh restart apache
7th Step: Test your Website with HTTPS
Open the web browser and type in your domain name with https (e.g. https://example.com).
If you are able to access your website, congratulations, you’ve secured your website.