Enabling SSL with Let’s Encrypt

So recently I read about Let’s Encrypt. It’s a pretty awesome service that provides free short-lived SSL certificates.

I thought it would be cool to share the steps I took to get my WordPress installation running Ubuntu/Apache set up with fresh SSL certificates and automated renewal.

1. Make sure that port 443 is open on the firewall:

ufw allow 443/tcp

Note: I took an extra step here to remove the additional IPv6 rule that is created.

2. Ensure that ServerName and ServerAlias are configured in the vhosts configuration file:

https://httpd.apache.org/docs/current/vhosts/name-based.html#using

3. Download certbot-auto and request a certificate by following the instructions here:

https://certbot.eff.org/#ubuntutrusty-apache

Note: Once certbot-auto had downloaded, I moved it to /usr/sbin/ so I could access it in my $PATH.

4. Update WordPress Address (URL) and Site Address (URL) under Settings > General so WordPress knows that SSL is now being used.

5. Create a redirect in /etc/apache2/sites-enabled/000-default.conf to push all requests to https://www:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.domain.co.uk
    ServerAlias domain.co.uk
    Redirect permanent / https://www.domain.co.uk/
</VirtualHost>

6. Automate the certificate renewal with a cron job that runs every day at 00:30:

30 00 * * * /usr/sbin/certbot-auto renew --post-hook "service apache2 restart" --quiet --no-self-upgrade

Note: The --post-hook switch will restart Apache only if the certificate is renewed.

7. Restart Apache:

service apache2 restart

8. Finally I informed Google about the change by adding two new properties to my Webmaster Tools account:

https://domain.co.uk
https://www.domain.co.uk

9. For peace of mind, check the new configuration using Qualys SSL Labs.

The whole process took about 15 minutes. Worth the effort if you ask me 🙂

Disclaimer: Follow the above steps at your own risk and be sure to make backups of any configuration file you edit!
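The redirect in step 5 only protects the names that actually have it, so the following added example (not part of the original post) audits an Apache configuration for port-80 vhosts that still serve content over HTTP or redirect somewhere unexpected. The function name `audit_http_vhosts` and the second `blog.domain.co.uk` vhost in the sample are assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the step 5 vhost plus a second, deliberately incomplete one.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.domain.co.uk
    ServerAlias domain.co.uk
    Redirect permanent / https://www.domain.co.uk/
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.domain.co.uk
    DocumentRoot /var/www/blog
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def audit_http_vhosts(conf_text):
    """Return a list of problems found in port-80 vhosts; an empty list means OK."""
    problems = []
    for addr, body in VHOST_RE.findall(conf_text):
        if not any(a.endswith(":80") for a in addr.split()):
            continue  # only plain-HTTP vhosts need the redirect
        names, target = [], None
        for parts in (line.split() for line in body.splitlines()):
            if not parts or parts[0].startswith("#"):
                continue
            name, args = parts[0].lower(), parts[1:]
            if name in ("servername", "serveralias"):
                names += [a.lower() for a in args]
            elif name == "redirect" and len(args) == 3 and args[1] == "/":
                if args[0].lower() in ("permanent", "301"):
                    target = urlsplit(args[2])
        label = names[0] if names else addr
        if not names:
            problems.append(f"{label}: no ServerName/ServerAlias")
        if target is None:
            problems.append(f"{label}: no permanent redirect of / (site still served over HTTP)")
        elif target.scheme != "https":
            problems.append(f"{label}: redirect target is not https")
        elif target.hostname not in names:
            problems.append(f"{label}: redirects to {target.hostname}, not one of its own names")
    return problems

if __name__ == "__main__":
    print("\n".join(audit_http_vhosts(SAMPLE_CONF)) or "OK")
```

To check a live server, pass it the contents of /etc/apache2/sites-enabled/000-default.conf instead of the sample string.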
