[WordPress on VPS] How To Install and Enable an SSL on Ubuntu

SSL used to be a luxury security component for big companies. Not anymore, thanks to the low-cost or even free SSL certificates issued by trusted commercial Certificate Authorities (CAs) such as Let’s Encrypt. With the recent recommendation by Google, more and more websites, big or small, are going full HTTPS, making the Internet a better place. If you are one of those WordPress site owners who want to join the HTTPS force, this tutorial will help you get off the ground.

Generate a CSR and Private Key

Since we are using Apache to host our WordPress-powered website, we can use the built-in OpenSSL command-line tool to generate the CSR (Certificate Signing Request) and Private Key for the domain.

openssl req -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr

You will be prompted with a series of questions whose answers will be included in the certificate request file. Pay extra attention to the Common Name field, which should exactly match the domain name you will be using the certificate with. Note that if you are getting an OV or EV certificate, make sure all the fields are filled in accurately.

The command generates two plain-text files, a .key and a .csr file, in the current directory. The .csr file is what you will need to request the SSL certificate. Because of the -nodes option, the .key file is written without a passphrase, so keep it private.

To see what’s in your CSR file, use the following command:

cat domain.com.csr

You may also verify the CSR content with the following command or this online app to make sure all the information included in the CSR is accurate before moving to the next step.

openssl req -in domain.com.csr -noout -text

Apply for the Certificate

With the CSR ready, let’s find a place to apply for the certificate. There are many CAs from which you can get a digital certificate for your website. I use RapidSSL via Namecheap and very much like the way it works, but you can definitely choose your own. Head over to the SSL Certificates page under Security to browse and pick the type of SSL certificate you would like to apply for. You can get a DV-level SSL certificate for as low as $9.00 per year. That is a ridiculously low cost compared to a few years back.

Install Certificate on Apache Web Server

Once you have successfully applied for a digital certificate, you will get two files to download from the CA: the certificate file and the chain bundle file. You will need these two files as well as the Private Key file generated earlier.

Assume I have these three files saved under my home folder, in /home/me/ssl:

  • The Private Key file: domain.com.key
  • The SSL certificate file: domain.com.crt
  • The chain bundle file: domain.com.ca-bundle

Now, create the site configuration file:

cd /etc/apache2/sites-available
sudo nano domain.com.conf

Then, enter the following content so that the site listens on port 443:

<VirtualHost *:443>
  ServerName domain.com
  DocumentRoot /var/www/domain.com
  SSLEngine on
  SSLCertificateFile /home/me/ssl/domain.com.crt
  SSLCertificateKeyFile /home/me/ssl/domain.com.key
  SSLCertificateChainFile /home/me/ssl/domain.com.ca-bundle
</VirtualHost>

Restart the Apache server and you are good to go.

sudo service apache2 restart

If the service restart fails because SSLEngine is not enabled, run the following:

sudo a2enmod ssl
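
Before restarting Apache, it helps to confirm locally that the three files above belong together. The script below is an added example, not part of the original tutorial: it checks that the private key, CSR and certificate carry the same public key, that the certificate has not expired, and that the key file is not readable by group or others. The function names pubkey_digest and check_tls_files are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): pre-flight check of the files
# that the Apache <VirtualHost> block points at. Function names are hypothetical.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_digest() {
  _pub=
  case "$1" in
    key)  _pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  _pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) _pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  # An unreadable or unparsable file must fail, not hash an empty string.
  [ -n "$_pub" ] || return 1
  printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Usage: check_tls_files KEY CSR CERT ; returns 0 only if every check passes.
check_tls_files() {
  _rc=0
  _k=$(pubkey_digest key  "$1") || { echo "cannot parse private key: $1"; return 1; }
  _r=$(pubkey_digest csr  "$2") || { echo "cannot parse CSR: $2"; return 1; }
  _c=$(pubkey_digest cert "$3") || { echo "cannot parse certificate: $3"; return 1; }

  # All three files must carry the same public key.
  [ "$_k" = "$_r" ] || { echo "MISMATCH: CSR was not made from this key"; _rc=1; }
  [ "$_k" = "$_c" ] || { echo "MISMATCH: certificate does not match this key"; _rc=1; }

  # -checkend 0 exits non-zero when the certificate has already expired.
  openssl x509 -in "$3" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "certificate has expired: $3"; _rc=1; }

  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] \
    || { echo "private key is readable by group or others: $1 (chmod 600)"; _rc=1; }

  [ "$_rc" -eq 0 ] && echo "OK: key, CSR and certificate belong together"
  return "$_rc"
}

# Run only when the three file names are given on the command line.
if [ "$#" -eq 3 ]; then
  check_tls_files "$@" || exit 1
fi
```

Saved under a name of your choice, it takes the three files as arguments in the order domain.com.key, domain.com.csr, domain.com.crt.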

Validate SSL installation

Here are 4 online tools that you can use to check and validate the SSL certificate and installation.
