
Free SSL encryption for your website

23 March 2017
by Roman Nazarkin

Since Google began highlighting websites that use SSL and discouraging those that don’t, many site owners have started thinking about buying expensive certificates from trusted companies such as Comodo and RapidSSL.

In this article, we’ll review the easiest and fastest way to get your site secured for free.

Most of you have probably already heard about the Let’s Encrypt project. If not, in brief: it is the first SSL certificate authority that provides certificates absolutely free. Main features:

The service started working on 3rd December 2015. Since then it has become very popular, and most hosting providers already support it. We won’t cover them here; it is easier to ask their support team to guide you.

How to configure Nginx to work with Let’s Encrypt

The Let’s Encrypt website suggests using the Certbot software to manage certificate files, so we’ll use it. First, you need to install Certbot and its Nginx add-on. The easiest way is to use the certbot-auto script:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

This little utility will install all the required software and its dependencies on your system. Then run the certificate issuance process:

./path/to/certbot-auto certonly

This allows you to interactively select the plugin and options used to obtain your certificate. When your certificate is ready, its data will be located in the /etc/letsencrypt/live/$domain folder.

Now, you need to update Nginx configuration file to enable SSL:

# Redirect HTTP -> HTTPS
server {
  server_name www.wphunters.com wphunters.com;
  listen 80;
  listen [::]:80;

  # Exception needed for ACME / Let's Encrypt certificate update
  location /.well-known/ {
    root /path/to/wphunters.com/public_html;
    try_files $uri $uri/ =404;
  }

  location / {
    return 301 https://wphunters.com$request_uri;
  }
}

# Setup SSL
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name www.wphunters.com wphunters.com;
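  # fullchain.pem holds the certificate plus the intermediate chain;
  # cert.pem alone does not include the chain
  ssl_certificate /etc/letsencrypt/live/wphunters.com/fullchain.pem;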
  ssl_certificate_key /etc/letsencrypt/live/wphunters.com/privkey.pem;
  
  # ... your regular rules, location blocks, etc. go here
}

Don’t forget to replace wphunters.com with your site’s domain. After changing the Nginx config, reload it with the following command:

sudo nginx -s reload

Basically, at this stage the SSL certificate setup is complete (for more information about Certbot, refer to its documentation), but there are a few things you need to do next:

How to set up a cron job for automatic cert renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job with the following command:

./path/to/certbot-auto renew --quiet --no-self-upgrade

To do that, run the crontab -e command and enter the following in the file that opens:

0 0 * * * ./path/to/certbot-auto renew --quiet --no-self-upgrade
0 0 * * * /etc/init.d/nginx reload >/dev/null 2>&1

Both jobs will be executed every day at midnight (00:00). The first one checks your certificates and automatically renews any that expire soon. The second job reloads the Nginx config every night. It uses a graceful reload, so your server won’t be stopped; it will simply use the new configuration files and new certificates (if available) from the first incoming request after the reload.
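Because both entries start at the same minute, the reload can run before the renewal has finished, and a renewed certificate is then only picked up the following night. The wrapper below is an added example, not part of the original article: it renews first and reloads Nginx only when the certificate file actually changed. The `CERT` path, the overridable `*_CMD` variables and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): one cron entry instead of two.
# Renew first, then reload Nginx only if the served certificate changed.
# CERT, RENEW_CMD, TEST_CMD and RELOAD_CMD are assumptions; replace the
# placeholder paths with those of your own installation.
CERT="${CERT:-/etc/letsencrypt/live/example.com/fullchain.pem}"
RENEW_CMD="${RENEW_CMD:-/path/to/certbot-auto renew --quiet --no-self-upgrade}"
TEST_CMD="${TEST_CMD:-nginx -t -q}"
RELOAD_CMD="${RELOAD_CMD:-nginx -s reload}"

# Print a checksum of the certificate file (no output if it is unreadable).
# Reading through the path follows the symlink certbot keeps in live/.
fingerprint() {
  if [ -r "$1" ]; then cksum < "$1"; fi
}

# Return codes: 0 reloaded, 1 certificate unchanged, 2 renew failed,
# 3 certificate changed but the config test failed (no reload attempted).
renew_and_reload() {
  before=$(fingerprint "$CERT")
  if ! $RENEW_CMD; then
    echo "renew failed; leaving Nginx untouched" >&2
    return 2
  fi
  after=$(fingerprint "$CERT")
  if [ "$before" = "$after" ]; then
    return 1
  fi
  if ! $TEST_CMD; then
    echo "nginx config test failed; not reloading" >&2
    return 3
  fi
  $RELOAD_CMD
}

# Run only when invoked with the argument "run" (for example from cron).
if [ "${1:-}" = "run" ]; then
  rc=0
  renew_and_reload || rc=$?
  case $rc in 0|1) exit 0 ;; *) exit 1 ;; esac
fi
```

Saved under a hypothetical name such as /path/to/renew-and-reload.sh, a single crontab entry `0 0 * * * /path/to/renew-and-reload.sh run` can take the place of the two entries above.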

How to convert all HTTP links into HTTPS on my WordPress site

After all these changes, you may notice that the browser sometimes marks your site’s pages as partially insecure. This happens because your secured page makes non-secure outgoing HTTP requests for images and other static content inside your content. To fix that, you have to go through all your posts and replace HTTP with HTTPS everywhere.

Awkward, isn’t it? To automate this, you can use the HTTP/HTTPS Remover WordPress plugin, which will take care of it.

Also, don’t forget to change the Site Address in the WordPress general settings to complete the site’s transition to SSL.

That’s all. We hope this article helped you add free SSL to WordPress with Let’s Encrypt.
