Free SSL certificate

by Posted on

In this quick-start tutorial you will learn how to configure free, auto-renewing SSL certificates for your WordPress websites.

Step 1. Connect to WordPress via SSH

Connect to your host using your terminal

Step 2. Install CertBot Client

Execute below command in terminal

wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

Step 3. Generate Certificates

execute below command in terminal to generate certificate. Middle of the process it will ask you email address and some question to about sharing details. Remember to replace the command with your domain name and website folder path.

./certbot-auto certonly --webroot -w /var/www/<website folder>/ -d <your domain>.com -d www.<your domain>.com

Step 4. Configure the Certificates

Execute below command to edit default config file.

sudo nano /etc/apache2/sites-available/default-ssl.conf

Top of the default-ssl.conf file, past below code.

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

Also edit below three line to point to newly created certificate folder.

SSLCertificateFile "/etc/letsencrypt/live/<your domain>.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/<your domain>.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/<your domain>.com/chain.pem"

Step 5. Enable HTTPS Redirect

Edit you site config file using below command.

sudo nano /etc/apache2/sites-available/wordpress.conf

Past below code 

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ServerName www.<your domain>.com
ServerAlias <your domain>.com
Redirect permanent / https://www.<your domain>.com/

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Step 6. Restart the Apache Server

sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart

Finally

Congratulation ! Test your website with https://

Published by Manoj Prasad

I’m a senior engineer who really love JavaScript.

Leave a Reply