Do you want to secure your site? but looking for an option for free SSL certificate? Here is Let’s Encrypt SSL. And I am gonna show you how to set up and configure a TLS/SSL certificate from Let’s Encrypt on your WordPress site hosted on Digital Ocean Cloud VPS on an Ubuntu 16.04 droplet running Apache as a web server.
What is SSL Certificate?
SSL certificates are an encryption system that can be used to encrypt communication between your web server and your users to secure very sensitive information like credit card transactions, data transfer, and logins etc as it travels across the various computer networks globally.
SSL is now essential for protecting our websites. It provides critical security, privacy, and secure data communication for both your websites and your users’ personal information.
What is the purpose of SSL?
The primary purpose of SSL is to initiate a secure session with browsers and send encrypted sensitive information across the Internet so that only the intended recipient/server can understand it. So once the secure connection established between server and user’s web browser, all the communication will be secure.
This is very important because the information we send on the Internet is passed through many servers to reach the destination server.
So the servers between the user and the destination server can see our credit card numbers, passwords, and any other sensitive information if it is not encrypted.
When an SSL certificate is used through the traffic, no one can access the information except for the server we are sending the information to.
What is Let’s Encrypt?
Let’s Encrypt is an open, and automated Certificate Authority(CA) that provides free TLS/SSL certificate developed by the non-profit Internet Security Research Group (ISRG).
It uses Automatic management certificate environment(AMCE) protocol to encrypt the server communication.
The primary objectives of Lets Encrypt Certificate are Public Benefit. and its developed for users who want to encrypt their site freely.
Anyone who owns a domain name can use Let’s Encrypt Certificate at zero cost.
Let’s Encrypt is using most advancing TLS security best practices, can configure it securely for use, and of course, its automatically take care of renewal when it expires.
How to Secure your WordPress site with Let’s Encrypt SSL on Digital Ocean?
In this tutorial, we will install Lets Encrypt SSL with Cartbot Client with server Apache on WordPress.
Certbot is an easy-to-use client that automated the installation of the certificate from Let’s Encrypt.
So let’s get Started……
Install the Certbot.
First, add the repository
$ sudo add-apt-repository ppa:certbot/certbot
You have to accept the agreement so press enter.
Then update the package list so that the new package could take effect.
$ sudo apt-get update
Now install the Certbot from the new repository. You may copy and paste this command on your terminal
$ sudo apt-get install python-certbot-apache
After successfully install, Certbot is ready to use
Install Let’s Encrypt.
If your site URL is on http://example.com instead of http://www.example.com then run this command
$ sudo certbot --apache -d example.com
place example.com with your site URL
but if your site URL is http://www.example.com then run this command below
$ sudo certbot --apache -d example.com -d www.example.com
Now you will be prompted to enter an email address. This will allow you to take control in case of lost key and certificate and for further notices from Let’s Encrypt. so provide your email id and press enter.
Again here you have to agree to the terms of services.
Then you will be asked for how you’d like to configure your HTTPS settings.
Output Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice and press enter.
Now certbot will automatically install and updated configuration. It will show you a message telling you that the process was successful and where your certificates are stored.
Output IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2018-10-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Your certificates are downloaded, installed, loaded, and ready to use.
Now configure it for WordPress.
To take effect your WordPress site with https, you need to install a plugin called Really Simple SSL. It will automatically detect your setting and run your site over https.
- Just install this Plugin
- Activate the Plugin
- Enable SSL with one click.
The site URL and home URL will automatically be changed with https.
Let’s Encrypt CA issues short-lived certificates for 90 days only. Make sure you renew the certificates at least once in 3 months by running the command below
$ sudo certbot renew --dry-run
I’m Just a Blogger. Sharing my idea with you.