Install Let's Encrypt SSL on One-Click WordPress App

Published on: Wed, Aug 30, 2017 at 11:26 am EST

Introduction

Let's Encrypt is a certificate authority service that offers free TLS/SSL certificates. The process of installation is simplified by Certbot, a software client that automates most of the installation process. This tutorial shows how to install a Let's Encrypt SSL certificate on the One-Click Wordpress app.

Prerequisites

This tutorial assumes that you have already deployed a One-Click Wordpress app, have a domain name pointing to your server, and have logged in as root.

Step One: Update Nginx site configuration files

The first thing to do is to update your server name in the Nginx site configuration files. Stop the Nginx service.

service nginx stop

Edit the wordpress_http.conf and wordpress_https.conf Nginx configuration files. Find server_name _ and replace the _ with your domain name.

nano /etc/nginx/conf.d/wordpress_http.conf
# Replace the underscore "_" after server_name to your domain name.
server_name example.com www.example.com

nano /etc/nginx/conf.d/wordpress_https.conf
# Replace the underscore "_" after server_name to your domain name.
server_name example.com www.example.com`

Step Two: Download Certbot

Since Certbot does not come installed with Ubuntu 16.04, you need to obtain a copy of the Certbot package.

sudo add-apt-repository ppa:certbot/certbot 
sudo apt-get update  
sudo apt-get install python-certbot-nginx

The certbot package will be downloaded and installed.

Step Three: Obtain and install SSL certificate

Certbot automates the process of obtaining certificates by providing an interactive installer. Run the Certbot installer, specifying Nginx as your webserver.

certbot --nginx --redirect

Enter your email address when prompted. This will be used to send you notices regarding renewal and security. Enter "A" to agree to the terms of service. Select whether you want to share your email with the Electronic Frontier Foundation. This is optional. Press "Enter" when asked for which names you would like to activate HTTPS.

Step Four: Update Nginx configuration to force SSL

In order to force the usage of HTTPS, you will need to edit the wordpress_http.conf configuration file.

nano /etc/nginx/conf.d/wordpress_http.conf

Add the following lines to the server block.

if ($scheme = http) {
    return 301 https://$server_name$request_uri;
} 

Save the file and start the Nginx server.

service nginx start

Your Wordpress website will now be secured with a Let's Encrypt SSL certificate.

Renewing the SSL certificate

Let's Encrypt issues SSL certificates with a validity of 90 days. In order to avoid certificate errors, you must renew the certificate before it expires. Certbot also automates the renewal process.

certbot renew

This will renew your certificate for another 90 days.