Install SSL certificate freely using Let’s Encrypt

Introduction

As you might have noticed, early this year Automattic, the owner of WordPress, joined many other big companies in sponsoring a “new free and open certificate authority for the public” called Let’s Encrypt.

The idea behind Let’s Encrypt is to transition as many domains as possible from HTTP to HTTPS by providing a virtually painless one-click enrollment process during the server’s native installation.

You can read the whole article on WP Tavern here. Let’s Encrypt is still in beta right now, but today I will show you how to install a free SSL certificate for your site.

Install Let’s Encrypt

First of all, of course, we have to install Let’s Encrypt. Just clone it from its GitHub repository:

$ git clone https://github.com/letsencrypt/letsencrypt 
$ cd letsencrypt 
$ ./letsencrypt-auto --help

Now you have Let’s Encrypt on your server.

Install SSL Certificate on Apache

Even in the beta version, Let’s Encrypt has a plugin that lets you automatically obtain and install an SSL certificate on your site:

./letsencrypt-auto --apache

After running this command, you will be asked for your email address. If your server configuration does not contain your domain name, you also have to provide it: example.com and www.example.com (separated by a space or comma).

Wait for a while. If the message announces success, your site is now served with an SSL certificate.

Install SSL Certificate on Nginx

The Nginx plugin for automatic SSL certificate installation is incomplete and buggy, so it is not installed with letsencrypt-auto by default. Even so, we can still obtain the certificate only and set it up manually. Let’s do that.

First, obtain the SSL certificate only:

./letsencrypt-auto certonly --standalone

You are required to enter your email and domain name. If Let’s Encrypt succeeds in verifying your domain name, you will be informed that 2 certificate files have been saved in /etc/letsencrypt/live/example.com/, named fullchain.pem and privkey.pem.

Now we change the Nginx configuration to use this certificate. Edit the conf file for example.com in /etc/nginx/sites-available/ (I’m using easyEngine to install WordPress, so the conf file is located here; you might check your /etc/nginx/conf.d folder for other setups):

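server {
    # "listen 443 ssl" replaces the older "listen 443;" plus "ssl on;" pair
    listen 443 ssl;
    server_name example.com;
    # certificate chain and private key that Let's Encrypt saved above
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    #... other stuff
}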


And add this to force the use of SSL:

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

You also have to check your nginx.conf file at /etc/nginx/nginx.conf for the SSL configuration; insert these lines if they are not there:

http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}

Finally, restart your Nginx server to get the result:

sudo service nginx restart
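
A check you can run on the edited conf file before restarting, as an added example (not code from the original post or from Let’s Encrypt): it parses the server blocks and reports when the certificate paths do not point at the files saved in /etc/letsencrypt/live/, or when the port-80 block does not redirect. The names server_blocks and lint and the sample config are assumptions made for this illustration, and the parser does not handle quoted strings or include files.

```python
import re

SAMPLE_CONF = """# Constructed sample: this tutorial's two server blocks for example.com
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / { try_files $uri $uri/ /index.php?$args; }
}
server { listen 80; server_name example.com; return 301 https://example.com$request_uri; }
"""

def server_blocks(conf):
    """One {directive: [args, ...]} dict per server block; quoted strings are not handled."""
    blocks, cur, depth, at, stmt = [], None, 0, 0, []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        if tok == "{":
            depth += 1
            if stmt == ["server"]:
                cur, at = {}, depth  # this block's own directives sit at depth `at`
        elif cur is not None and depth == at:
            if tok == ";" and stmt:
                cur.setdefault(stmt[0], []).append(stmt[1:])
            elif tok == "}":
                blocks.append(cur)
                cur = None
        if tok == "}":
            depth -= 1
        stmt = []
    return blocks

def lint(conf, domain):
    """Return a list of problems found in the server blocks that name `domain`."""
    want = {"ssl_certificate": "fullchain.pem", "ssl_certificate_key": "privkey.pem"}
    mine = [b for b in server_blocks(conf) if any(domain in n for n in b.get("server_name", []))]
    tls = [b for b in mine
           if ["on"] in b.get("ssl", []) or any("ssl" in a for a in b.get("listen", []))]
    problems = [] if tls else [f"no TLS server block for {domain}"]
    for b in tls:
        for key, name in want.items():
            if b.get(key) != [[f"/etc/letsencrypt/live/{domain}/{name}"]]:
                problems.append(f"{key} is not {name} from /etc/letsencrypt/live/{domain}/")
    for b in (b for b in mine if b not in tls):
        if not any(a[:1] == ["301"] and a[-1].startswith("https:") for a in b.get("return", [])):
            problems.append("plain-HTTP block does not 301-redirect to https://")
    return problems
```

Call lint() with the text of your own conf file and your domain name; an empty list means the blocks match the steps above.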

Ask WordPress to use SSL

Add the following to your WordPress wp-config.php file.

To force SSL for the login form:

define('FORCE_SSL_LOGIN', true);

To force SSL for the wp-admin section:

define('FORCE_SSL_ADMIN', true);

Conflict with CloudFlare

If you are using CloudFlare and route your domain through CloudFlare’s servers, you might get a TLS error like this while Let’s Encrypt is verifying your domain:

Error: The server experienced a TLS error during domain verification

Don’t worry, you just need to pause your CloudFlare service and run the Let’s Encrypt setup again.

Verify SSL Certificate Installation

The last and most important step is to verify that the SSL certificate is installed properly.

Below are some nice online tools to help you:

  1. https://www.wormly.com/test_ssl
  2. https://sslcheck.globalsign.com/en_US/sslcheck

If you want to dig deeper into using Let’s Encrypt or writing your own auto-installation plugin, see the official documentation here.

  • Brian Link

    I am a WordPress Developer, Freelance Blogger. I want to travel the world, learn everything and share my knowledge. Meet me at @halink0803