Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Featured, Security

SSL For Self-Hosted WordPress

Submitted by on February 17, 2018 – 3:05 pm

Just some notes for setting up SSL with your self-hosted WordPress installation. Just got around to doing this the other day. Yeah, I know, about time…

First, I had to clean up apache’s ssl.conf because all those comments were annoying me:

The next step would be to download and run certbot to generate your real SSL cert – not that self-signed crap. However, certbot uses Python and I have three versions of Python on the server. This gets certbot confused between 2.6 and 2.7 because it’s authors didn’t test it properly, so some temporary cleanup was in order:

Now download and run certbot-auto script:

Jump through the prompts, certbot will get your certs and update the appropriate sections of your httpd.conf (make a backup of it, if you don’t have one already). All of the cert stuff will be in /etc/letsencrypt.

Once you bounce httpd, you can check on the cert’s details from CLI like so:

The command above will also tell you when the cert is going to expire, so you can write a simple one-liner (sort of) to send you an email when the cert is, say, three days away from the expiry date.

The certs are good for ninety days, so unless your mind is like a steel trap, it’s a good idea to set up a cronjob to automate license renewal. Test the renewal process:

If everything looks good, you can set up a cron job using the following example from the certbot site:

This will run the update process twice a day at noon and midnight with a random wait time. Or you can just schedule it to run twice a day at some arbitrary time close to twelve hours apart.

Two more steps left: update settings in WordPress and Google Analytics/Webmaster Tools (if you use those things). In WordPress, go to Settings –> General and change “WordPress Address (URL)” and “Site Address (URL)” to say https://. Now install, activate and enable “Really Simple SSL” plugin. It will help you fix any mixed content issues where some elements of your site (like images, for example) may not be using SSL, which is a problem.

In Google Analytics, click the “Admin” gear icon and under Account –> Property –> Property Settings –> Default URL select https. Also under Account –> Property –> View –> View Settings –> Website’s URL select https as well. Save.

In Webmaster Tools you would need to add a version of your site using the https:// link because Webmaster Tools treats http and https versions of your site as to separate entities. After you add the https version of the site, you may remove the old one if you want. But you don’t have to.

Print Friendly, PDF & Email

Leave a Reply