How To Install Free SSL certificate using Let’s Encrypt

As you might notice, in the early of this year Automattic - the owner of WordPress has joined with many other big companies in sponsorship to a "new free and open certificate authority for the public" called Let's Encrypt.

The idea behind Let’s Encrypt is to transition as many domains as possible from HTTP to HTTPS by providing a virtually painless one-click enrollment process during the server’s native installation.

You can read the whole article on WP Tavern here. Even right now the Let's Encrypt is still running a beta version but today I would instruct you "how to install an SSL Certificate freely for your site."

Install Let's Encrypt

Yes, of course, first of all, we have to install Let's Encrypt, just clone it from GitHub repository:

$ git clone https://github.com/certbot/certbot
$ cd letsencrypt
$ ./letsencrypt-auto --help

Now you have Let's Encrypt on your server.

Install SSL Certificate on Apache

Even in beta version, Let's Encrypt has a plugin allowing you to automatically obtain and install SSL certification on your site:

./letsencrypt-auto --apache

After running this command, you will be asked for your email, and if your server configuration does not contain your domain name, so you have to provide those: example.com and www.example.com (separated by space or comma). Wait for a while, if the message announces success. Then, your site now is under SSL certification.

Install SSL Certificate on Nginx

The Nginx plugin for automatic SSL Certificate installation is not completed, buggy then does not install in the letsencrypt-auto by default. Even though, we still can obtain the certificate only and setup it manually. Let's do that. Firstly, obtaining the SSL Certification only:

./letsencrypt-auto certonly --standalone

It is required to enter our email and domain name. If Let's Encrypt is successful in verifying your domain name, then you will be informed that there are 2 certification files saved in /etc/letsencrypt/live/example.com/ named: fullchain.pem and privkey.pem. Now we change the Nginx configuration to use this certificate. Edit your example.com file conf in /etc/nginx/sites-available/ (I'm using easyEngine to install WordPress so the conf file is located here, you might check your /etc/nginx/conf.d folder for other settings):

server {
    listen 443;
    server_name example.com;
    ssl on;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
 #... other stuff
}

And add this to force using SSL:

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

You also have to check your nginx.conf file in /etc/nginx/nginx.conf for SSL configuration, insert those lines if they are not there:

http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}

Finally, restart your Nginx server to get the result:

sudo service nginx restart

Ask WordPress to use SSL

Add following to your WordPress’s wp-config.php file. To force SSL for login form:

define('FORCE_SSL_LOGIN', true);

To force SSL for the wp-admin section:

define('FORCE_SSL_ADMIN', true);

Conflict with CloudFlare

If you are using CloudFlare and let your domain run through CloudFlare server, you might get error TLS while Let's Encrypt is verifying your domain like this: Error: The server experienced a TLS error during domain verification Don't worry, you just need to pause your CloudFlare service and run the Let's Encrypt setup again.

Verify SSL Certificate Installation

Last and the most important step is to verify if the SSL certificate installation is not properly. Below are some nice online tools to help you:

1. https://www.wormly.com/test_ssl
2. https://globalsign.ssllabs.com/

If you want to dig deeper into using Let's Encrypt or writing your own auto installation plugin - see the official documentation here.