Enable SSL for WordPress

I spent 4 hours setting up SSL for my website. I searched a lot of posts about how to enable SSL, but nobody mentioned that you need to set up Apache first. Here I’m sharing the whole process I used.

Some VPS hosts, like DigitalOcean, which I’ve been using, require that your domain be managed by them to enable the SSL feature. Check their website first for instructions.

Get an SSL certificate from Let’s Encrypt

Visit the Certbot website and choose your software and system; it will show you a complete guide.

Here it’s Apache on Ubuntu 16.04. The default instructions look like this.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Since they provide a plugin for DigitalOcean, I used

sudo apt-get install certbot python3-certbot-dns-digitalocean

instead of python-certbot-apache.
Then

sudo certbot --apache

And an additional step for my DNS plugin.

sudo certbot -a dns-digitalocean -i apache -d "*.example.com" -d example.com --server https://acme-v02.api.letsencrypt.org/directory

The SSL certs are stored in /etc/letsencrypt/live/example.com/, where cert.pem is the certificate (which contains the public key) and privkey.pem is the private key.

You might need to add those files to your host’s website.

The Let’s Encrypt certificate needs to be renewed every 90 days, and certbot adds a cron schedule to do so.

ls /etc/cron.d

You should be able to see a certbot file and you don’t need to worry about the renewal.

Set up Apache

This is the trickiest yet most important part, and the one I struggled with.
Edit the Apache configuration file.

sudo nano /etc/apache2/sites-available/000-default.conf

I added port 80 in a previous post; now let’s add 443.

<VirtualHost *:443>
    ServerName XX.XX.XX.XX
    ServerAdmin XXX@XXX.com
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

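    # Enable TLS for this virtual host and point Apache at the certbot files
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/XXX.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/XXX.com/privkey.pem
    # SSLCertificateChainFile is deprecated since Apache 2.4.8 but is still honoured
    SSLCertificateChainFile /etc/letsencrypt/live/XXX.com/chain.pem

</VirtualHost>

# Server-wide TLS settings: allow only TLS 1.2 and newer
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1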
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
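
To check what the TLS directives above actually leave enabled, the following shell script (an added example, not part of the original post) reads SSLProtocol and SSLCipherSuite from a vhost file and lists old protocol versions and non-AEAD cipher entries. The function names and the sample config are constructed for illustration; ciphers are classified by name only (GCM or CHACHA20 means AEAD) and "all" is treated as enabling every old protocol, both simplifying assumptions.

```shell
#!/bin/sh
# Added example: audit the TLS directives of an Apache vhost file.

# Print the value of the last uncommented occurrence of a directive.
directive() {  # usage: directive NAME FILE
    awk -v name="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(name) { $1 = ""; val = substr($0, 2) }
        END { print val }' "$2"
}

# List cipher entries that are not AEAD by name (no GCM/CHACHA20); this
# includes CBC-mode and 3DES suites. Exclusions such as !DSS are skipped.
legacy_ciphers() {  # usage: legacy_ciphers "A:B:!C"
    printf '%s\n' "$1" | tr ':' '\n' | grep -v '^[!+-]' |
        grep -Ev 'GCM|CHACHA20' || true
}

# List old protocol versions that an SSLProtocol value leaves enabled.
# Simplification: "all" is treated as enabling every old version.
old_protocols_enabled() {  # usage: old_protocols_enabled "all -SSLv3"
    for p in SSLv3 TLSv1 TLSv1.1; do
        case " $1 " in
            *" -$p "*) ;;                          # explicitly disabled
            *" all "*|*" +$p "*|*" $p "*) echo "$p" ;;
        esac
    done
}

# Constructed sample vhost (shortened cipher list, not the page's full one).
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
<VirtualHost *:443>
    SSLEngine On
    # SSLProtocol all
</VirtualHost>
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DES-CBC3-SHA:!DSS
EOF

echo "Old protocols enabled: $(old_protocols_enabled "$(directive SSLProtocol "$conf")" | tr '\n' ' ')"
echo "Non-AEAD cipher entries:"
legacy_ciphers "$(directive SSLCipherSuite "$conf")"
```

Pointed at /etc/apache2/sites-available/000-default.conf with the directives shown above, legacy_ciphers lists the CBC-mode and 3DES entries, such as DES-CBC3-SHA, that the cipher string still offers.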

Set up wp-config.php

Open wp-config.php

sudo nano /var/www/html/wordpress/wp-config.php

Find this part

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
        define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}

Insert the following part in front of it.

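// Tell WordPress that every request is served over HTTPS
$_SERVER['HTTPS'] = 'on';
// FORCE_SSL_LOGIN is deprecated since WordPress 4.0; FORCE_SSL_ADMIN also covers logins
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);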

Set up WordPress

Don’t bother with the .htaccess settings; install Really Simple SSL from the WordPress plugin page and let it do the job.


Now try to visit https://yoursite.com. If it succeeds, go to WordPress Settings and change the WordPress Address (URL) and Site Address (URL) to the https address.

DON’T change this unless you can access the site over https, or you won’t be able to reach your admin page to change the setting back.

Oh it’s too late

Not yet. Log in to MySQL:

sudo mysql -u root -p
USE wordpress;
-- siteurl = WordPress Address (URL), home = Site Address (URL)
UPDATE wp_options SET option_value='http://XXX.com' WHERE option_name='siteurl';
UPDATE wp_options SET option_value='http://XXX.com' WHERE option_name='home';

Now you can access the site through http and set up everything else.
