This guide describes how to add a LetsEncrypt SSL certificate to your apache WordPress site.

LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Rather than pay for a certificate, we can use LetsEncrypt to provide our users with a secure, encrypted connection.

Prerequisites

Before we begin, some of the things you’ll need are:

sudo-level SSH access to your server. (Note: If don’t have SSH access, check here to see if your host is supported)

A domain name that points to the IP of your WordPress site

Step 1: Install Certbot

$ cd && wget https://dl.eff.org/certbot-auto

$ chmod a+x certbot-auto

Note: Follow instructions here if you’re not using a Debian distro)

Step 2: Generate a Certificate

$ cd && ./certbot-auto certonly

When prompted, type “Y” to continue:

Once finished, select “2” to place files into your websites root folder:

Enter your full domain name:

Enter your web root, typically /var/www/ or /var/www/wordpress:

Confirm your certificate has generated successfully. If it hasn’t, repeat Step 2 and try a different web root:

Step 3: Automating Renewal

Test automatic renewal for your certificates:

$ cd && ./certbot-auto renew --dry-run

Check the output to confirm it was successful:



Edit the crontab:

$ crontab -e

Add these lines at the bottom:

0 0 * * * cd && ./certbot-auto renew --quiet --no-self-upgrade 0 12 * * * cd && ./certbot-auto renew --quiet --no-self-upgrade

This tells cron to check for renewal twice a day:

Step 4: Adding the Certificate to WordPress

Modify the file /etc/apache2/sites-available/wordpress so that the <VirtualHost *:443> section matches the following:

Where jamescoote.co.uk is replaced with your full domain name entered during the LetsEncrypt setup.

(Note: Your site-available may be called something different i.e. default. Find the one that relates to your WordPress installation.)

Restart apache:

sudo service apache2 restart

Test your new certificate by visiting https://<yoursite>.

Back in WordPress, install the plugin Easy HTTPS (SSL) Redirection.

Go to the plugin’s settings and tick “Enable automatic redirection” and select “The whole domain.”

Save changes. Now visit http://<yoursite> and confirm you are automatically re-directed to the https version. You are now ready to go!