SSL certificates make your website more trustworthy to readers, and it is highly likely that a reader will spend more time on your site or trust your content more when they see ‘Secure’ in green in the address bar. Not just this: search engine providers give a higher rank to secure sites than to non-secure websites. You can follow the steps below to make your WordPress website “Secure” at no extra cost.
Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates,
Step#1 Install Certbot
sudo add-apt-repository ppa:certbot/certbot
Update packages
sudo apt-get update
Install the Certbot NGINX package
sudo apt-get install python-certbot-nginx
Step#2 Configure NGINX
Most likely this is already configured. Just ensure your host names are set correctly, as below.
server_name example.com www.example.com;
Verify NGINX syntax and restart it.
sudo nginx -t
sudo systemctl reload nginx
Step#3 Allow HTTPS through firewall.
sudo ufw allow 'Nginx Full'
Once this is done, you can check what is allowed.
sudo ufw status
Step#4 Obtain SSL Certificate.
Use the following command to obtain the SSL certificate. It will ask for an email address where notifications will be sent.
sudo certbot --nginx -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
Once you enter your email ID and hit Enter, it will ask for a few usual confirmations.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
Once this is done, it will ask about the redirect. Below is sample output for this site.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for techtrekking.net
http-01 challenge for www.techtrekking.net
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/techtrekkingnet
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/techtrekkingnet
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/techtrekkingnet
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/techtrekkingnet
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://techtrekking.net and
https://www.techtrekking.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=techtrekking.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.techtrekking.net
-------------------------------------------------------------------------------
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/techtrekking.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/techtrekking.net/privkey.pem
   Your cert will expire on 2018-07-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
Step#5 Configuring WordPress
Once you have made these changes, you must make sure your WordPress installation is compatible with them. Although I did not face any issue even after not making changes in WordPress, I recommend you do it.
Although it is not mandatory, please restart your NGINX server. Once done, when you access your website, you will see “Secure” in green.
This SSL certificate is valid for 90 days; please refer to this post to see how to set up a cron job for renewal of the Let’s Encrypt SSL certificate.
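As an added example (not part of the original post), the script below classifies a certificate by how close it is to expiry, a useful check given the 90-day validity noted above. The function names, the 30-day threshold and the throwaway self-signed certificates it generates are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify a certificate by
# how close it is to expiry, using only `openssl x509 -checkend`.

RENEW_DAYS=30   # assumption: warn when fewer than 30 days remain

# Create a throwaway self-signed certificate valid for $1 days (constructed
# sample input standing in for /etc/letsencrypt/live/<domain>/fullchain.pem).
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=example.com" -keyout "$dir/privkey.pem" \
        -out "$dir/fullchain.pem" 2>/dev/null || return 1
    echo "$dir/fullchain.pem"
}

# Print one of: unreadable, expired, renew, ok
renewal_status() {
    cert=$1
    days=${2:-$RENEW_DAYS}
    # Reject missing or malformed files before testing dates.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero when the cert expires within N seconds.
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo renew
    else
        echo ok
    fi
}

# Demonstration on constructed certificates.
fresh=$(make_sample_cert 90)
aging=$(make_sample_cert 10)
echo "90-day cert: $(renewal_status "$fresh")"
echo "10-day cert: $(renewal_status "$aging")"
echo "missing file: $(renewal_status /nonexistent/fullchain.pem)"
```

On the server, call renewal_status on the fullchain.pem path that Certbot printed, for example /etc/letsencrypt/live/techtrekking.net/fullchain.pem.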