Use a Free SSL Certificate and Move to HTTPS for Your WordPress Website

This is about my most recent experience of switching my blog to HTTPS using a free SSL certificate from Let's Encrypt and adjusting the WordPress configuration, though it took me around a whole day of messing around 😀

  • Install an SSL certificate from Let's Encrypt (which is free and should be renewed every 3 months)
    This guide from Certbot, https://certbot.eff.org/, helped me configure the certificate within a few minutes

    • I have placed a cron job to renew the certificate every 2 months
      10 10 * */2 * root certbot renew --quiet
  • Configure HTTPS on nginx
    • My configuration for nginx (/etc/nginx/nginx.conf)
      well, I use a proxy pass to Apache, where all the vhosts are stored 😀


server {
    listen 80 default_server;
    server_name test.com www.test.net;
    root <documentRoot>;
    # Redirect every plain-HTTP request to HTTPS
    return 301 https://$host$request_uri;
    ...
}
#HTTPS
server {
    listen 443 ssl;
    server_name test.com www.test.net;
    root <documentRoot>;
    # "ssl on;" dropped: the ssl flag on listen already enables TLS,
    # and the directive was removed in nginx 1.25.1
    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    include /etc/nginx/default.d/*.conf;
    location / {
        # Hand every request to the Apache backend
        proxy_pass http://x.y.z.w:ffff$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Replaces any client-supplied value; wp-config.php relies on this header
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    error_page 400 401 402 403 404 @maintenance400;
    location @maintenance400 {
        if ($uri !~ ^/maintenance_files/) {
            rewrite ^(.*)$ /404.html break;
        }
    }
    error_page 500 502 503 504 @maintenance500;
    location @maintenance500 {
        if ($uri !~ ^/maintenance_files/) {
            rewrite ^(.*)$ /503.html break;
        }
    }
}

Certbot prints the certificate path on the console when you generate the certificate by following its guide.
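To see how much validity is left when the renewal cron entry above actually gets to renew, this added example (not part of the original post) models the schedule in Python at whole-day granularity and compares it with a daily run. It assumes 90-day certificates and certbot's default of renewing only once 30 days or fewer remain; the function names are illustrative.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)  # Let's Encrypt validity (assumption: 90 days)
RENEW_WINDOW_DAYS = 30         # certbot default: renew once <= 30 days remain

def page_schedule(day):
    """'10 10 * */2 *': month */2 = Jan, Mar, May...; day-of-month * = every day."""
    return day.month % 2 == 1

def daily_schedule(day):
    """'10 10 * * *': every day, for comparison."""
    return True

def renewal_margins(first_issued, cron_fires, horizon_days=730):
    """Days of validity left at each renewal. A value <= 0 means the
    certificate had already expired when cron finally renewed it."""
    expires = first_issued + LIFETIME
    margins = []
    for offset in range(1, horizon_days + 1):
        today = first_issued + timedelta(days=offset)
        if not cron_fires(today):
            continue  # cron does not run on this date
        remaining = (expires - today).days
        if remaining <= RENEW_WINDOW_DAYS:  # otherwise certbot renew is a no-op
            margins.append(remaining)
            expires = today + LIFETIME
    return margins

def worst_margin(cron_fires, year=2023):
    """Smallest margin over every possible first-issuance date in `year`,
    returned as (days_left, first_issuance_date)."""
    start = date(year, 1, 1)
    worst = None
    for n in range(365):
        first = start + timedelta(days=n)
        low = min(renewal_margins(first, cron_fires))
        if worst is None or low < worst[0]:
            worst = (low, first)
    return worst

if __name__ == "__main__":
    for name, sched in (("page cron", page_schedule), ("daily cron", daily_schedule)):
        low, first = worst_margin(sched)
        print(f"{name}: worst case {low} days left (first issued {first})")
```

With the schedule from the post, a first issuance on 2 June gets no cron run inside the renewal window until 1 September, a day after expiry, while a daily run always renews with 30 days to spare. Certbot's documentation recommends running certbot renew twice a day.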

  • Restart the nginx service
    • service nginx restart
  • Your URL should now be accessible via HTTPS :-), however your WordPress content might be distorted (if it is a fresh start then it is fine; otherwise, if you are migrating to HTTPS, you will curse yourself 😀  — redirection loops, distorted content, insecure elements loading…)
  • Configure your WordPress to work under HTTPS when it passes through a proxy
    • Make a dump of the database used by WordPress (to be on the safer side)
    • Log on to your WordPress Dashboard
    • Install the plugin “WordPress HTTPS”
    • On the HTTPS settings (found on the dashboard itself),
      under General Settings (make sure they look like the following)

      • SSL HOST: yourdomain.com
      • FORCE SSL ADMINISTRATION: checked
      • Remove Unsecured Elements: checked
      • Proxy – click on “Yes”
      • Click on Save Changes
    • Go to General Settings,
      on WordPress Address URL – change it to https://yourdomain.com
      on Site Address URL – change it to https://yourdomain.com
    • Go to your document root and add the following configuration to your wp-config.php file

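$DOCUMENT_ROOT/wp-config.php

// Place these lines above the line that loads wp-settings.php
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
// isset() avoids a PHP warning when the header is absent (e.g. a request that bypassed nginx)
// The header can be trusted only because nginx overwrites it with $scheme;
// keep Apache reachable only through the proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS'] = 'on';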

 

Try refreshing your website; it should be redirected to HTTPS 😀

In case you have some insecure elements, test your website on https://www.whynopadlock.com/

and follow the guide https://givewp.com/documentation/resources/how-to-use-ssl-and-https-for-your-wordpress-website/

 

References:

  • https://certbot.eff.org/
  • https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
  • https://givewp.com/documentation/resources/how-to-use-ssl-and-https-for-your-wordpress-website/
  • http://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/