Installing an SSL certificate with Certbot on WordPress
Is there any way to do this through the command line? All I see are outdated and unsupported WP plugins that do this, and I'm having issues with the guides listed at https://www.linode.com/docs/guides/enabling-https-using-certbot-with-nginx-on-ubuntu/
Any help would be appreciated!
✓ Best Answer
So I pretty much broke down step-by-step how to do this after spending an infuriatingly long time trying to figure out how to do this on my own. Hope it helps.
This Tony Teaches Tech video basically walks you through the process:
Here's my written version, with a little more information on a couple steps that I got stuck on.
Note: In this guide please replace all instances of the
220.127.116.11 IP Address with your server/site's IPv4 Address.
After ensuring that your Domain's Registrar has A/AAAA records pointed towards the IP address of your Linode, log into your server via SSH.
SSH into your server:
ssh [email protected]
Enter your Password.
wordpress.conf file in your
/etc/apache2/sites-available directory using
nano by running either:
Your configuration by default should look like this:
<Directory /var/www/wordpress/> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> <VirtualHost *:80> ServerName 18.104.22.168 ServerAdmin [email protected] DocumentRoot /var/www/wordpress/ ErrorLog /var/log/apache2/wordpress/error.log CustomLog /var/log/apache2/wordpress/access.log combined <files xmlrpc.php> order allow,deny deny from all </files> </VirtualHost>
You will want to change the IP Address in the
ServerName field from the default IP address listed to your website's domain (
22.214.171.124 in your case will be your server's IP address)
It is also recommended that you add just below the
ServerName an Alias. The modified file should look like this:
<Directory /var/www/wordpress/> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> <VirtualHost *:80> ServerName yourdomain.com ServerAlias www.yourdomain.com ServerAdmin [email protected] DocumentRoot /var/www/wordpress/ ErrorLog /var/log/apache2/wordpress/error.log CustomLog /var/log/apache2/wordpress/access.log combined <files xmlrpc.php> order allow,deny deny from all </files> </VirtualHost>
After you have finished modifying your Apache2 Virtual Host file, you will need to restart the Apache2 server by running one of the following commands:
systemctl restart apache2 sudo systemctl restart apache2
Next, you will run
Cerbot by running the following command:
apt-get install certbot python-certbot-apache
Certbot will then ask
Which names would you like to activate HTTPS for?
1: yourdomain.com 2: www.yourdomain.com
You can just
Enter here to select HTTPS for both of these domains.
The last step here is can occasionally cause some issues.
Certbot will now ask if you want to redirect all HTTP traffic to HTTPS (which you almost certainly do). When you select
2 you may then encounter some variation of the following error:
An unexpected error occurred: Error creating new order : : Cannot issue for "yourdomain.com"
The exact error may vary, but there are two things that usually cause this. Either it is:
An error (typo) in the changes you made in Virtual Hosts file previously (where you changed the IP address to your domain)
You need to make the same modifications which you made to your Virtual Hosts file (which is only listening over port 80) to the
wordpress-le-ssl.conf file (which is listening over port 443) located at
Keep in mind that after any changes you make to your
Apache2 configuration that you will need to restart the service in order to see these changes realized for your SSL certification to work properly.
That should pretty much do it.
You may need to clear your cache/cookies if your certificate was installed correctly and you still see one or both of the variations of your domains (
yoursite.com) as being listed as insecure.
One last thing that usually results from making changes to serving content over HTTP content and HTTPS content is that your original WP configuration files are still pointing to your server's IP address, not your new shiny domain.
To fix this you just need to go to:
- Log in
- Navigate to
- Modify the
WordPress Address (URL)field from your server's IP address to be
- Also modify the
Site Address (URL)field from your server's IP address to
- Click the
Save Changesat the bottom of the page.
I hope my pain saves you a little effort.