How to add HTTPS/SSL Certificates to a WordPress Website

Here is a short guide on how to add HTTPS / SSL Certificates to your WordPress website.

SSL certificates are used by web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free. Certbot makes the process of setting up and renewing the certificates really easy.

Prerequisites

To be able to complete all the steps, you need to have access to the following:

  1. You must have sudo access to the server where WordPress is installed and running.
  2. WordPress must be installed and running on Port 80.
  3. The server must be running Apache on some version of Ubuntu.
  4. You must have a domain name that you want to enable SSL for.

If you have setup WordPress on DigitalOcean, you are probably good to proceed.

1. Install Certbot

SSH into your server: SSH into the server running your HTTP website as a user with sudo privileges. You can get this from your DigitalOcean console. You can do this via:

ssh USER@YOUR_SERVER_IP_ADDRESS

Install Certbot: Run these commands on the command line on the machine to install Certbot.

wget https://dl.eff.org/certbot-auto 
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

This will install Certbot and let the root user have access to read, write, and execute.

2. Choose how you’d like to run Certbot

Automatic Setup: If you want Certbot to automatically:

  • Create the certificate for you
  • Edit your Apache configuration to server the certificate
  • Enable HTTPS and setup redirects so your HTTP traffic gets forwarded to HTTPS

Run this command:

sudo /usr/local/bin/certbot-auto --apache

Alternate Manual Setup: If you want to make changes to your Apache configuration by hand, run this command:

sudo /usr/local/bin/certbot-auto certonly --apache

Either way, you will be guided through a setup flow where Certbot will ask for your domain name, email address, and provision the certificates.

3. Setup Automatic Renewal

Run the following line of code to setup a cron job that will try to auto renew the certificate twice every day, if it has expired.

echo "0 0, 12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null

4. Verify that renewals work with a dry run

Run this command to verify that auto-renewals will work.

sudo /usr/local/bin/certbot-auto renew --dry-run

If you get an all-clear, then you’re all set.

5. Verify your live website

Finally, let’s verify that your site is setup correctly. To do this, visit https://yourwebsite.com/ and look for the lock icon in the URL bar. You can also visit https://www.ssllabs.com/ssltest/ , enter your domain name, and verify that your certificates are valid.

Now you have WordPress setup with HTTPS/SSL Certificates. Go and brew some tea, you deserve it. ☕ If you have any questions, message me on Twitter.

Originally published at https://tilomitra.com on April 10, 2020.

Engineering Manager @ Square. I enjoy reading and writing about finance, design, and software architecture.