{"id":33,"date":"2019-04-19T17:32:14","date_gmt":"2019-04-19T22:32:14","guid":{"rendered":"https:\/\/scythk.com\/?p=33"},"modified":"2019-04-19T17:32:14","modified_gmt":"2019-04-19T22:32:14","slug":"enable-ssl-for-wordpress","status":"publish","type":"post","link":"https:\/\/scythk.com\/index.php\/2019\/04\/19\/enable-ssl-for-wordpress\/","title":{"rendered":"Enable SSL for WordPress"},"content":{"rendered":"

I spent 4 hours on setup the SSL of my website. I’ve search a lot of posts about how to enable SSL but nobody mentioned that you need to setup Apache fist. Here I’m sharing the whole process I’ve been using.<\/p>\n

Some VPS hosts, like DigitalOcean that I’ve been using, require that your domain must be managed on DigitalOcean to enable the SSL feature. Check their website first for instructions.<\/p>\n

<\/span>Get a SSL certification from Let’s encrypt<\/span><\/h2>\n

Visit Certbot website<\/a>, choose your software and system and it’ll show you a complete guide.<\/p>\n

Here it’s Apache and Ubuntu 16.04. The default is like this.<\/p>\n

sudo apt-get update\nsudo apt-get install software-properties-common\nsudo add-apt-repository universe\nsudo add-apt-repository ppa:certbot\/certbot\nsudo apt-get update\nsudo apt-get install certbot python-certbot-apache\n<\/code><\/pre>\n
Since they provide plugin for DigitalOcean, here I used<\/p>\n
sudo apt-get install certbot python3-certbot-dns-digitalocean\n<\/code><\/pre>\n
instead of\npython-certbot-apache<\/em>.\nThen<\/p>\n
sudo certbot --apache\n<\/code><\/pre>\n
And an addition step for my dns plugin.<\/p>\n
sudo certbot -a dns-digitalocean -i apache -d "*.example.com" -d example.com --server https:\/\/acme-v02.api.letsencrypt.org\/directory\n<\/code><\/pre>\n
The SSL certs are store in \/etc\/letsencrypt\/live\/example.com\/, where\ncert.pem<\/em> is the public key and privkey.pem<\/em> is the private.<\/p>\n
You might need to add those files to your host’s website.<\/p>\n
The Let’s encrypt license need to be renewed every 90 days and certbot will add a schedule using cron to do so.<\/p>\n
ls \/etc\/cron.d\n<\/code><\/pre>\n
You should be able to see a\ncertbot<\/em> file and you don’t need to worry about the renewal.<\/p>\n
<\/span>Setup Apache<\/span><\/h2>\n
The most tricky yet most important part that I’ve been struggled to.\nEdit the apache configuration file.<\/p>\n
sudo nano \/etc\/apache2\/sites-available\/000-default.conf\n<\/code><\/pre>\n
I’ve added port 80 in previous post and now let’s add the 443.<\/p>\n
<VirtualHost *:443>\n    ServerName 138.197.203.187\n    ServerAdmin scythk@gmail.com\n    DocumentRoot \/var\/www\/html\n\n    ErrorLog ${APACHE_LOG_DIR}\/error.log\n    CustomLog ${APACHE_LOG_DIR}\/access.log combined\n\n    SSLEngine On\n    SSLCertificateFile \/etc\/letsencrypt\/live\/scythk.com\/cert.pem\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/scythk.com\/privkey.pem\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/scythk.com\/chain.pem\n\n<\/VirtualHost>\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\nSSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\nSSLHonorCipherOrder on\nSSLCompression off\nSSLSessionTickets off\n<\/code><\/pre>\n
<\/span>Setup wp-config.php<\/span><\/h2>\n
Open wp-config.php<\/p>\n
sudo nano \/var\/www\/html\/wp-config.php\n<\/code><\/pre>\n
Find this part<\/p>\n
\/** Absolute path to the WordPress directory. *\/\nif ( ! defined( 'ABSPATH' ) ) {\n        define( 'ABSPATH', dirname( __FILE__ ) . '\/' );\n}\n<\/code><\/pre>\n
Insert the following part in front of it.<\/p>\n
$_SERVER['HTTPS'] = 'on';\ndefine('FORCE_SSL_LOGIN', true);\ndefine('FORCE_SSL_ADMIN', true);\n<\/code><\/pre>\n
<\/span>Setup Wordpress<\/span><\/h2>\n
Don’t bother with the .htaccess setting, install Really Simple SSL in WordPress plugin page, let it do the job.<\/p>\n
\"\"<\/figure>\n
\"\"<\/figure>\n
Now try to visit https:\/\/yoursite.com<\/a>, if succeed, go to WordPress Settings, change the\nWordPress Address (URL)<\/strong> and Site Address (URL)<\/strong> to the https address.<\/p>\n
\"\"<\/figure>\n
DON’T<\/strong> change this unless you could access to the https, or you won’t be able to connect to your admin page and change that setting back.<\/p>\n
<\/span>Oh it’s too late<\/span><\/h3>\n
\nNot yet, login to MySQL\n\n
sudo mysql -u root -p\n<\/code><\/pre>\n\n
USE wordpress;\nUPDATE wp_options SET option_value='http:\/\/yoursite.com' WHERE option_id=1;\nUPDATE wp_options SET option_value='http:\/\/yoursite.com' WHERE option_id=2;\n<\/code><\/pre>\n\nNow you can access through http and setup everything else.\n<\/details>\n
<\/span>References<\/span><\/h2>\n
Wordpress\u4f7f\u7528SSL\u8bc1\u4e66\u5f00\u542fHTTPS\u6700\u7b80\u5355\u7684\u529e\u6cd5<\/a><\/p>\n
WordPress\u4e00\u6b21\u6027\u641e\u5b9assl\u5168\u5c40\u8bbe\u7f6e\u4ee5\u53ca\u6f5c\u5728\u95ee\u9898\u89e3\u51b3<\/a><\/p>","protected":false},"excerpt":{"rendered":"
I spent 4 hours on setup the SSL of my website. I’ve search a lot of posts about how to enable SSL but nobody mentioned that you need to setup Apache fist. Here I’m sharing the whole process I’ve been using. Some VPS hosts, like DigitalOcean that I’ve been using, require that your domain must […]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/paTSGz-x","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":3,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":39,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/posts\/33\/revisions\/39"}],"wp:attachment":[{"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/scythk.com\/index.php\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}