Skip to content

How to install Free SSL Certificate for your wordpress setup



Content


This post assumes that you have your own wordpress setup running in Google Cloud Platform (GCP) as explained in previous posts and you have updated the DNS records for your domain with the virtual machine’s ip address. We will go through the steps to install Free SSL certificate generated by Letsencrypt.

If you have not updated the DNS records, you have to add two records :

  1. Create A record which is mapped to vm’s ip address.
  2. Create CNAME record mapped to A record for www subdomain.

Below image shows example for dns records in google domains.

Two DNS records (A record and CNAME record)

Another check : Make sure that HTTP and HTTPS both are allowed for your wordpress VM in GCP. Sometimes even during launch configuration, you have enabled both, after VM is launched, you will find both settings are disabled. So edit the virtual machine, enable both HTTP and HTTPs.

Free SSL Certificate

In below steps, change “your-domain.com” with actual value of your domain name.

Go to GCP Console > Compute Engine > VM Instances.

Against your VM, click SSH button and GCP will open SSH shell to your VM. Enter following commands :

1. This will download certbot-auto:
> wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

2. Create SSL certificate for your domain. It may ask few options
> sudo ./certbot-auto certonly –webroot -w /var/www/html/ -d your-domain.com -d www.your-domain.com

3. Edit your default SSL configuration :
> sudo vi /etc/apache2/sites-available/default-ssl.conf

3A. Add following after ServerAdmin block in file :

            <Directory /var/www/html/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
            </Directory>

3B. At the end of file, Comment out lines for SnakeOil Certs and add below.

SSLCertificateFile "/etc/letsencrypt/live/your-domain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/your-domain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/your-domain.com/chain.pem"

4. sudo vi /etc/apache2/sites-available/wordpress.conf and remove all 3 lines and add below lines.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ServerName www.your-domain.com
    ServerAlias your-domain.com
    Redirect permanent / https://www.your-domain.com/

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    <Directory /var/www/html/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

5. Restart Apache to activate above configuration changes.

sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart

6. (Optional) Set auto renewal for cert every year.

sudo mv certbot-auto /etc/letsencrypt/
sudo crontab -e
>> Add following at the end
45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart

Testing

After above steps are successful, you should have your wordpress up and running now on HTTPS with SSL certificate matching to your domain name. Test it by visiting “https://<your-vm-ip-address>” and “https://<your-domain-name>”. Also check http versions are running.

WordPress Configuration Change

Now next problem is even if you visit https://<your-domain-name>.com, it will redirect to https://<your-vm-ip-address>. To solve that, you need to change wordpress configuration as below.

Before changing WordPress configuration, make sure https version is running, otherwise below change may stop access to your wordpress and wordpress-admin.

Login to wp-admin,

Got to Settings > General >

Change Site URL to “https://<your-domain.com>”

Change host URL to “https://<your-domain.com>”

After this your wordpress site and admin area both, can be accessed using “https://<your-domain.com>” and no ip address will be visible in client’s browser window.

Hope this helps you in setting up free wordpress setup.

Series Navigation<< Launch WordPress VM in GCP
Published inGCPWordpress

5 Comments

  1. Great content! Super high-quality! Keep it up! 🙂

  2. Long time supporter, and thought I’d drop a comment.

    Your wordpress site is very sleek – hope
    you don’t mind me asking what theme you’re using? (and don’t mind if I steal it?
    :P)

    I just launched my site –also built in wordpress like yours–
    but the theme slows (!) the site down quite a bit.

    In case you have a minute, you can find it by searching for “royal cbd” on Google (would
    appreciate any feedback) – it’s still in the works.

    Keep up the good work– and hope you all take care of yourself during the coronavirus scare!

  3. Like!! I blog quite often and I genuinely thank you for your information. The article has truly peaked my interest.

  4. Just wanna remark that you have a very nice site, I love the layout it actually stands out.

Leave a Reply

Your email address will not be published.

%d bloggers like this: