SSL certificate in your website (the lock icon) proves the authenticity of your business or personal website. This also makes the website ready for the future as the browsers move towards blocking non-https websites. https://www.engadget.com/2019-10-04-chrome-security-block-http-content.html

Let’s Encrypt is one of the CA who provide free SSL certificate for the websites. The free certificate is having 90 days validity.

In this article, we will see how to get FREE SSL certificate for the website.

In the previous post, we saw how to publish WordPress website in Ubuntu Linux. Using the free SSL, we will secure the website.

Install WordPress on Ubuntu

Step-1 : Setting Domain Name

To setup SSL for the website, the site need to have a domain name with A record pointing to the website IP address. The domain here is moneyworkforme.in and the dns is having A record pointing to wesite IP address and www as cname record referring to the domain name.

The DNS setting can be changed in the doman registrar website or in the third party DNS provider console if custom name server is configured.

Step-2 : Setup WordPress URL

Browser and login to the WordPress website admin portal. http://<ip-address>/wp-admin

Change the WordPress Address URL and Site Address URL to the domain name – www.moneyworkforme.in

After the settings are saved, the browser refresh to the wp-admin page with the domain name as suffix instead of the IP address.

Step-3 : Installing Certbot

We need to install certbot package to get certificate from the CA and python3-certbot-apache plugin which integrates Certbot with Apache to automate certificate renewal and https configuration in the web server.

sudo apt install certbot 
sudo apt install python3-certbot-apache

Step-4 : Apache Virtual Host Configuration

To obtain SSL certificate for the web server, Certbot needs to find the website domain name and the alias name within the Apache configuration files. This information will be retrieved from the ServerName and ServerAlias fields defined in the configuration file.

sudo nano /etc/apache2/sites-available/000-default.conf

In the configuration file, add the following entries –

ServerName moneyworkforme.in
ServerAlias www.moneyworkforme.in

Step-5 : Allow HTTPS Port

Enable the tcp port 443 to accept https traffic

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT

Make the firewall changes permanent

sudo netfilter-persistent save

Step-6 : Install Let’s Encrypt Certificate

sudo certbot --apache --agree-tos --email [email protected] --redirect -d moneyworkforme.in -d www.moneyworkforme.in
Parameters:
–apache: Use Apache2 Let’s Encrypt installer.
–agree-tos: Agree to Let’s Encrypt terms of service.
–redirect: Adds 301 redirect.
–email: Contact email address.
–d: add the domain name and alias name.

The “IMPORTANT NOTES” section shows the path where the certificate is downloaded.

Lets verify the same, list the items under /etc/letsencrypt/live/moneyworkforme.in to view the certificate files.

Step-7 : Setup Certificate Auto-Renewal

Automating the certificate makes the administration job easier as the certificate validity is only 90 days. Test the status of Certbot before adding the same to crontab

Check the status of the Certbot

sudo systemctl status certbot.timer

Testing the renewal process by dry run with certbot

sudo certbot renew --dry-run

Configuring Crontab for scheduling certificate auto renewal.

sudo crontab -e

Select the appropriate text editor when prompted and add the below statement.

0 1 * * * /usr/bin/certbot renew & > /dev/null

Step-8 : Fix HTTPS Redirection

When the SSL certificate is installed, the Certbot auto configures Apache2 with http to https redirection. But the auto configured redirection only works with URL having domain name (I.e http://moneyworkforme.in to https://moneyworkforme.in) but not for the IP address. To redirect http traffic with IP address in the URL to domain name, modify Apache Virtual Host Configuration.

Replace the following snippet as shown below under VirtualHost tag

Auto configured settings

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.moneyworkforme.in [OR]
RewriteCond %{SERVER_NAME} =moneyworkforme.in
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Replace the above with

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://www.moneyworkforme.in/\ [R,L]

And the WordPress site is now secured with Let’s Encrypt SSL Certificate.

Hope this article is informative to you. Thank you for reading my post.