Installing an SSL certificate with Certbot on WordPress
Is there any way to do this through the command line? All I see are outdated and unsupported WP plugins that do this, and I'm having issues with the guides listed at https://www.linode.com/docs/guides/enabling-https-using-certbot-with-nginx-on-ubuntu/
Any help would be appreciated!
2 Replies
✓ Best Answer
So I pretty much broke down step-by-step how to do this after spending an infuriatingly long time trying to figure out how to do this on my own. Hope it helps.
This Tony Teaches Tech video basically walks you through the process:
https://www.youtube.com/watch?v=bgcRhucEn90
Here's my written version, with a little more information on a couple steps that I got stuck on.
Note: In this guide please replace all instances of the 111.111.111.111
IP Address with your server/site's IPv4 Address.
After ensuring that your Domain's Registrar has A/AAAA records pointed towards the IP address of your Linode, log into your server via SSH.
SSH into your server: ssh root@111.111.111.111
Enter your Password.
Modify your wordpress.conf
file in your /etc/apache2/sites-available
directory using vim
or nano
by running either:
vim wordpress.conf
OR
nano wordpress.conf
Your configuration by default should look like this:
<Directory /var/www/wordpress/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName 111.111.111.111
ServerAdmin webmaster@localhost
DocumentRoot /var/www/wordpress/
ErrorLog /var/log/apache2/wordpress/error.log
CustomLog /var/log/apache2/wordpress/access.log combined
<files xmlrpc.php>
order allow,deny
deny from all
</files>
</VirtualHost>
You will want to change the IP Address in the ServerName
field from the default IP address listed to your website's domain (111.111.111.111
in your case will be your server's IP address)
It is also recommended that you add just below the ServerName
an Alias. The modified file should look like this:
<Directory /var/www/wordpress/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/wordpress/
ErrorLog /var/log/apache2/wordpress/error.log
CustomLog /var/log/apache2/wordpress/access.log combined
<files xmlrpc.php>
order allow,deny
deny from all
</files>
</VirtualHost>
After you have finished modifying your Apache2 Virtual Host file, you will need to restart the Apache2 server by running one of the following commands:
systemctl restart apache2
sudo systemctl restart apache2
Next, you will run Cerbot
by running the following command:
apt-get install certbot python-certbot-apache
Then Run:
certbot --apache
Certbot will then ask Which names would you like to activate HTTPS for?
1: yourdomain.com
2: www.yourdomain.com
You can just Enter
here to select HTTPS for both of these domains.
The last step here is can occasionally cause some issues. Certbot
will now ask if you want to redirect all HTTP traffic to HTTPS (which you almost certainly do). When you select 2
you may then encounter some variation of the following error:
An unexpected error occurred:
Error creating new order : : Cannot issue for "yourdomain.com"
The exact error may vary, but there are two things that usually cause this. Either it is:
An error (typo) in the changes you made in Virtual Hosts file previously (where you changed the IP address to your domain)
OR
You need to make the same modifications which you made to your Virtual Hosts file (which is only listening over port 80) to the wordpress-le-ssl.conf
file (which is listening over port 443) located at /etc/apache2/sites-available
Keep in mind that after any changes you make to your Apache2
configuration that you will need to restart the service in order to see these changes realized for your SSL certification to work properly.
That should pretty much do it.
You may need to clear your cache/cookies if your certificate was installed correctly and you still see one or both of the variations of your domains (www.yoursite.com
and yoursite.com
) as being listed as insecure.
One last thing that usually results from making changes to serving content over HTTP content and HTTPS content is that your original WP configuration files are still pointing to your server's IP address, not your new shiny domain.
To fix this you just need to go to:
yourdomain.com/wp-login.php
- Log in
- Navigate to
Settings
- Modify the
WordPress Address (URL)
field from your server's IP address to behttps://yourdomain.com
- Also modify the
Site Address (URL)
field from your server's IP address tohttps://yourdomain.com
- Click the
Save Changes
at the bottom of the page.
I hope my pain saves you a little effort.
-Micah