Installing an SSL certificate with Certbot on WordPress

Linode Staff

Is there any way to do this through the command line? All I see are outdate and unsupported WP plugins that do this, and I'm having issues with the guides listed at https://www.linode.com/docs/guides/enabling-https-using-certbot-with-nginx-on-ubuntu/

Any help would be appreciated!

1 Reply

So I pretty much broke down step-by-step how to do this after spending an infuriatingly long time trying to figure out how to do this on my own. Hope it helps.


This Tony Teaches Tech video basically walks you through the process:
https://www.youtube.com/watch?v=bgcRhucEn90


Here's my written version, with a little more information on a couple steps that I got stuck on.

Note: In this guide please replace all instances of the 111.111.111.111 IP Address with your server/site's IPv4 Address.

After ensuring that your Domain's Registrar has A/AAAA records pointed towards the IP address of your Linode, log into your server via SSH.

SSH into your server: ssh [email protected]
Enter your Password.

Modify your wordpress.conf file in your /etc/apache2/sites-available directory using vim or nano by running either:

vim wordpress.conf
OR
nano wordpress.conf

Your configuration by default should look like this:

<Directory /var/www/wordpress/>
     Options Indexes FollowSymLinks
     AllowOverride All
     Require all granted
</Directory>
<VirtualHost *:80>
     ServerName 111.111.111.111
     ServerAdmin [email protected]
     DocumentRoot /var/www/wordpress/
     ErrorLog /var/log/apache2/wordpress/error.log
     CustomLog /var/log/apache2/wordpress/access.log combined
     <files xmlrpc.php>
          order allow,deny
          deny from all
     </files>
</VirtualHost>

You will want to change the IP Address in the ServerName field from the default IP address listed to your website's domain (111.111.111.111 in your case will be your server's IP address)

It is also recommended that you add just below the ServerName an Alias. The modified file should look like this:

<Directory /var/www/wordpress/>
     Options Indexes FollowSymLinks
     AllowOverride All
     Require all granted
</Directory>
<VirtualHost *:80>
     ServerName yourdomain.com
     ServerAlias www.yourdomain.com
     ServerAdmin [email protected]
     DocumentRoot /var/www/wordpress/
     ErrorLog /var/log/apache2/wordpress/error.log
     CustomLog /var/log/apache2/wordpress/access.log combined
     <files xmlrpc.php>
          order allow,deny
          deny from all
     </files>
</VirtualHost>

After you have finished modifying your Apache2 Virtual Host file, you will need to restart the Apache2 server by running one of the following commands:

systemctl restart apache2
sudo systemctl restart apache2

Next, you will run Cerbot by running the following command:

apt-get install certbot python-certbot-apache

Then Run:
certbot --apache

Certbot will then ask Which names would you like to activate HTTPS for?

1: yourdomain.com
2: www.yourdomain.com

You can just Enter here to select HTTPS for both of these domains.

The last step here is can occasionally cause some issues. Certbot will now ask if you want to redirect all HTTP traffic to HTTPS (which you almost certainly do). When you select 2 you may then encounter some variation of the following error:

An unexpected error occurred:
Error creating new order : : Cannot issue for "yourdomain.com"

The exact error may vary, but there are two things that usually cause this. Either it is:

An error (typo) in the changes you made in Virtual Hosts file previously (where you changed the IP address to your domain)

OR

You need to make the same modifications which you made to your Virtual Hosts file (which is only listening over port 80) to the wordpress-le-ssl.conf file (which is listening over port 443) located at /etc/apache2/sites-available

Keep in mind that after any changes you make to your Apache2 configuration that you will need to restart the service in order to see these changes realized for your SSL certification to work properly.

That should pretty much do it.

You may need to clear your cache/cookies if your certificate was installed correctly and you still see one or both of the variations of your domains (www.yoursite.com and yoursite.com) as being listed as insecure.

One last thing that usually results from making changes to serving content over HTTP content and HTTPS content is that your original WP configuration files are still pointing to your server's IP address, not your new shiny domain.

To fix this you just need to go to:
yourdomain.com/wp-login.php

  • Log in
  • Navigate to Settings
  • Modify the WordPress Address (URL) field from your server's IP address to be https://yourdomain.com
  • Also modify the Site Address (URL) field from your server's IP address to https://yourdomain.com
  • Click the Save Changes at the bottom of the page.

I hope my pain saves you a little effort.

-Micah

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct