Hi! 😊

Use Free SSL certificate and Move to HTTPS for your wordpress Website

Use Free SSL certificate and Move to HTTPS for your wordpress Website

This is about my most recent experience about switching my blog to HTTPS using a free SSL certificate from letsencrypt and configuring the wordpress configurations, though it took me around a whole day to mess around 😀

  • Install SSL certificate from Let’sEncrypt (which is free and should be renewed every 3 months)
    This guide from Certbot https://certbot.eff.org/  has helped me in configuring the certificate within some minutes

    • I have placed a Cron to renew the certificate every 2 months
      10 10 * */2 * root certbot renew –quiet
  • Configure HTTPS on nginx 
    • My configuration for the  nginx (/etc/nginx/nginx.conf)
      well I use a proxy passe to apache where all vhost are stored 😀


server {
listen 80 default_server;
server_name test.com www.test.net;
root <documentRoot>;
return 301 https://$host$request_uri; 
...
}
#HTTPS
server {
listen 443 ssl;
server_name test.com www.test.net;
root <documentRoot>;
ssl on;
ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://x.y.z.w:ffff$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 400 401 402 403 404 @maintenance400;
location @maintenance400 {
if ($uri !~ ^/maintenance_files/) {
rewrite ^(.*)$ /404.html break;
}
}
error_page 500 502 503 504 @maintenance500;
location @maintenance500 {
if ($uri !~ ^/maintenance_files/) {
rewrite ^(.*)$ /503.html break;
}
}

The certificate path will be provided to you on the console while generating using the guide for certbot

  • Restart the Nginx service
    • service nginx restart
  • Your URL should be accessible via HTTPS :-), however the contents for your wordpress content might be distorted (if its fresh start then it is fine else if you are migrating to HTTPS, you will curse yourself 😀  — redirection loops, distort contents, Insecure elements loading…)
  • Configuring Your wordpress to works under HTTPS which passe through proxy
    • Make a dump of your database (to be on safer side) which is being used by wordpress
    • Logon to your WordPress Dashboard
    • Install Plugin “WordPress HTTPS”
    • On HTTPS settings (found on the dashboard itself),
      On general Settings (make sure its like the following)

      • SSL HOST: yourdomain.com
      • checked FORCE SSL ADMINISTRATION
      • Checked Remove Unsecured Elements
      • Proxy – click on “Yes”
      • Click on save Changes
  • Screenshot from 2016-08-06 23-09-09
    • Go to General Settings,
      on wordress Address URL – change it to https://yourdomain.com
      On Site Adress URL – change it to https://yourdomain.com
    • Go to your Document Root and add the following configurations to your wp-config.php file

$DOCUMENT_ROOT/wp-config.php

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

 

Try to refresh your Website, it should be redirected to https 😀

In case you have some insecure elements, test your website on https://www.whynopadlock.com/

and follow the guide https://givewp.com/documentation/resources/how-to-use-ssl-and-https-for-your-wordpress-website/

 

Reference:

  • https://certbot.eff.org/
  • https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
  • https://givewp.com/documentation/resources/how-to-use-ssl-and-https-for-your-wordpress-website/
  • http://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/

 

 

 

Made with ♡ ♥💕❤ from Mauritius