Enabling SSL with Let’s Encrypt

• Craig

So recently I read about Let’s Encrypt. It’s a pretty awesome service that provides free short-lived SSL certificates.

I thought it would be cool to share the steps I took to set up my WordPress installation, running on Ubuntu/Apache, with fresh SSL certificates and automated renewal.

  • Make sure that port 443 is open on the firewall:
ufw allow 443/tcp

Note: I took an extra step here to remove the additional IPv6 rule that is created.

  • Ensure that ServerName and ServerAlias are configured in the vhosts configuration file:
https://httpd.apache.org/docs/current/vhosts/name-based.html#using
  • Download certbot-auto and request a certificate by following the instructions here:
https://certbot.eff.org/#ubuntutrusty-apache

Note: Once certbot-auto had downloaded, I moved it to /usr/sbin/ so I could access it in my $PATH.

  • Update **WordPress Address (URL)** and Site Address (URL) under Settings > General so WordPress knows that SSL is now being used:


  • Create a redirect in /etc/apache2/sites-enabled/000-default.conf to push all requests to https:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.domain.co.uk
    ServerAlias domain.co.uk
    Redirect permanent / https://www.domain.co.uk/
</VirtualHost>
  • Automate the certificate renewal with a cron job that runs every day at 00:30:
30 00 * * * /usr/sbin/certbot-auto renew --post-hook "service apache2 restart" --quiet --no-self-upgrade

Note: The **--post-hook** switch will restart Apache only if the certificate is renewed.

  • Restart Apache:
service apache2 restart
https://domain.co.uk
https://www.domain.co.uk
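
An added example, not part of the original post: a small Python check for the redirect step above. It parses Apache configuration text and reports port-80 vhosts that lack a permanent whole-site redirect to https, or whose redirect points at a host not listed in ServerName/ServerAlias. The function names and the second vhost in the sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the page's port-80 vhost plus a hypothetical second vhost.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.domain.co.uk
    ServerAlias domain.co.uk
    Redirect permanent / https://www.domain.co.uk/
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.domain.co.uk
    # Redirect permanent / https://blog.domain.co.uk/
    Redirect /old http://blog.domain.co.uk/new
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
def directive(body, name):
    """Argument lists of every uncommented `name` directive in a vhost body."""
    pat = re.compile(r"^[ \t]*%s[ \t]+(.+?)[ \t]*$" % re.escape(name), re.M | re.I)
    return [m.group(1).split() for m in pat.finditer(body)]

def audit_http_vhosts(conf_text):
    """Map each port-80 vhost's first name to its findings (empty list = OK)."""
    report = {}
    for addr, body in VHOST_RE.findall(conf_text):
        if not any(a.endswith(":80") for a in addr.split()):
            continue  # only plain-HTTP vhosts need the redirect
        names = [n.lower() for d in ("ServerName", "ServerAlias")
                 for args in directive(body, d) for n in args]
        findings = []
        # Syntax: Redirect [status] URL-path URL; keep whole-site https redirects
        site = [a for a in directive(body, "Redirect")
                if len(a) >= 2 and a[-2] == "/" and a[-1].lower().startswith("https://")]
        if not site:
            findings.append("no whole-site redirect to https")
        for args in site:
            status = args[0].lower() if len(args) == 3 else "temp"
            if status not in ("permanent", "301"):
                findings.append("redirect is %s, not permanent" % status)
            if urlsplit(args[-1]).hostname not in names:
                findings.append("redirect target is not a ServerName/ServerAlias")
        report[names[0] if names else "(unnamed)"] = findings
    return report

if __name__ == "__main__":
    print(audit_http_vhosts(SAMPLE_CONF))
```

To audit a real server, pass the contents of the vhost file instead of SAMPLE_CONF.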


The whole process took about 15 minutes. Worth the effort if you ask me :-)

Disclaimer: Follow the above steps at your own risk and be sure to make backups of any configuration file you edit!