See that green lock up there? Rocknerd is now served over SSL, with a certificate from Let’s Encrypt. The old insecure addresses should send you to the secure versions. Please try https://rocknerd.co.uk/ on all your gadgets and let me know of any problems, with as much detail as you can.
This guide assumes you are comfortable with the Debian/Ubuntu command line. The stuff below is literally what I did just now.
James (whose server it is) already had certbot installed, but I didn’t know this and set it up by hand anyway. It’s trivial.
Our server is running Debian and I have root. Working from this page, I ran the following:
git clone https://github.com/certbot/certbot cd certbot sudo ./letsencrypt-auto
The script did an apt-get update;apt-get upgrade, worked out it was running on Apache, detected all the domains our Apache served and offered to generate a cert for all of them. I just told it to do the aliases of rocknerd.co.uk for now. It did so, generated and installed the cert. That’s it, I had a working SSL site! It gave me SSLLabs test URLs for rocknerd.co.uk and www.rocknerd.co.uk, which both rated the site “A”. So there.
(It also asks you if you want to auto-redirect all http:// to https:// — tell it yes.)
Let’s Encrypt certs are short-term. I made sure my cert was auto-renewed by putting this in /etc/cron.d/letsencrypt-rocknerd (checks weekly, renews the cert if it’s under 30 days from expiry):
30 2 * * 1 root /home/sites/letsencrypt/letsencrypt-auto renew >>/home/sites/log/rocknerd.co.uk/le-renew.log
Next was WordPress itself.
- Go to Settings->General Settings and set your WordPress Address and Site Address to start https:// .
- Add this to wp-config.php, to force logins and admin to SSL:
- If you’re still getting a mixed-content warning from your site, go to the Inspector (hit F12) in Firefox or Chrome and see what’s being served by http:// — in my case a couple of links in a widget. Fix those, clear WP-Super-Cache and try again.
If you want to SSL your WordPress and don’t understand the above, Google “SSL WordPress” for many more pointy-clicky guides. If you’ve SSLed your own WordPress with a plugin or similar, please comment.