WordPress

[WordPress on VPS] How To Install and Enable an SSL on Ubuntu

SSL is used to be a luxurious security component for the big companies. Not anymore, thanks to the low cost or even free SSL certificate issued by the trusted commercial Certificate Authority (CA) such as Let’s Encrypt. With the recent recommendation by Google, more and more websites, big or small, are going in full HTTPS mode, shaping the Internet to a better place. If you are one of those WordPress site owners who want to join the HTTPS force, this tutorial will help you get off the ground.

Generate a CSR and Private Key

Since we are using Apache to host our WordPress powered website, we can use the built-in OpenSSL command line to generate the CSR and Private Key for your domain.

openssl req -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr

You will be prompted a series questions that will be included in the certificate request file. Take extra attention to the Common Name field which should match the exact name of your domain you will be using the certification with. Note that if you are getting an OV or EV certificate, make sure all the fields are filled accurately.

The command generates two digital plain text files, a .key and a .csr file at the current location. The .csr file is what you will need to request the SSL certificate.

To see what’s in your CSR file, using the following command:

cat domain.com.csr

You may also verify the CSR content with the following command or this only app to make sure all information included in the CSR are all accurate before moving to the next step.

openssl req -in mycsr.csr -noout -text

Apply for the Certificate

With CSR ready, now let’s find a place to apply for the certificate. There are many CAs that you can apply for the digital certificate for your website. I use RapidSSL via Namecheap and like it very much how the way it works but you definitely choose your own to go with. Head over to SSL Certificates page under Security to browse and pick the type of SSL certificate you would like to apply. You can get DV level of SSL certificate for as low as $9.00 per year. That is a ridiculously low cost comparing to a few years back.

Install Certificate on Apache Web Server

Once you successfully applied a digital certificate, you will get two files downloaded from the CA, the certificate file, and the chain bundle file. You will need these two files as well as the Private Key file generated earlier.

Assuming I have these three files saved in my home folder at /home/me folder.

  • The Private Key file: domain.com.key
  • The SSL certificate file: domain.com.crt
  • The chain bundle file: domain.com.ca-bundle

Now,

cd /etc/apache2/sites-available
sudo nano domain.com.conf

Then, enter the following section of content for the site to listen on port 443:

<VirtualHost *:443>
  ServerName domain.com
  DocumentRoot /var/www/domain.com
  SSLEngine on
  SSLCertificateFile /home/me/ssl/domain.com.crt
  SSLCertificateKeyFile /home/me/ssl/domain.com.key
  SSLCertificateChainFile /home/me/ssl/domain.com.ca-bundle
</VirtualHost>

Restart Apache server and all good to go.

sudo service apache2 restart

If the service restart failed due to the SSLEngine not enabled, run the following:

sudo a2enmod ssl

Validate SSL installation

Here are 4 online tools that you can use to check and validate the SSL certificate and installation.

edge

Share
Published by
edge

Recent Posts

Disable Copilot on Windows 11 via Group Policy GPO

If using Copilot right from the Taskbar isn't your thing, you should disable it. Even…

8 months ago

Setting Default Fonts in Word, Excel, Outlook, and PowerPoint via Group Policy

In an environment where standardizing things does matter, setting default fonts in Microsoft Office apps…

9 months ago

Wake-On-LAN (WOL) with Windows and PowerShell

Wake-On-LAN is a networking standard that lets you wake up a computer from either a…

9 months ago

How To Remove Restrictions Set in A Password-Protected PDF File

First of all, this is not to bypass a PDF file that requires a password…

9 months ago

How To Move My Outlook Navigation Bar Back From Left Back To the Bottom

Microsoft has been lurking about the idea of placing the Outlook navigation bar to the…

2 years ago

Headset with Microphone Echoing My Own Voice on Windows, What To Do?

One colleague came up to me the other day asking me to take look at…

2 years ago