WordPress SSL Configuration using Let’s Encrypt on Google Cloud☁🔒️🖥

Simone Parri
Sep 22, 2020

If you have a WordPress instance on a Google Cloud virtual machine, this guide shows how to install and configure an SSL certificate generated with the Let’s Encrypt service.

Requirements ⚠️

  • domain name with editable DNS
  • Google Cloud VM with WordPress

Step -1- Configure DNS 🔗

Point the domain's DNS record to the VM's IP address in your DNS manager, and check that WordPress responds correctly.

Step -2- Connect through SSH 💻

Open an SSH connection to your VM. The web client is reachable via Menu (1) → Compute Engine (2) → VM Instances (3); in the list on the left, click the SSH button (4).

Alternatively, if you have configured the VM, use PuTTY.

Step -3- Install Certbot 🤖

Install certbot on the VM by typing the following commands.

# sudo wget https://dl.eff.org/certbot-auto -P /usr/local/bin
# sudo chmod a+x /usr/local/bin/certbot-auto

Step -4- Generate certificate 🔒

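Set the DOMAIN and EMAIL_ALERT variables and generate your SSL certificate. In --standalone mode certbot listens on port 80 itself, so that port must be free while the command runs.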

# export DOMAIN="yourdomain.com"
# export EMAIL_ALERT="admin@yourdomain.com"
# /usr/local/bin/certbot-auto certonly --standalone -d "$DOMAIN" --preferred-challenges http --agree-tos -n -m "$EMAIL_ALERT" --keep-until-expiring

Take note of where certbot stores your certificates.

Step -5- Edit Apache config 🛠️

First of all, back up the Apache configuration by typing

# sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.back

After that, you can edit the configuration file

# sudo nano /etc/apache2/sites-available/default-ssl.conf

At the top of this file, paste the following lines of code in order to tell your server to redirect traffic to HTTPS

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

Scroll down with the arrow keys and add the paths of your certificate

SSLCertificateFile "/etc/letsencrypt/live/yourdomain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/yourdomain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/yourdomain.com/chain.pem"

Save it. Now you can go ahead to the next configuration file; back it up by typing

# sudo cp /etc/apache2/sites-available/wordpress.conf /etc/apache2/sites-available/wordpress.conf.back

After that, you can edit the configuration file

# sudo nano /etc/apache2/sites-available/wordpress.conf

Delete the content of the file and paste the following lines of code

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName www.yourdomain.com
ServerAlias yourdomain.com
Redirect permanent / https://www.yourdomain.com/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save the file. Now you need to update/restart your Apache server by executing all three of the commands listed below.

# sudo a2ensite default-ssl
# sudo a2enmod ssl
# sudo service apache2 restart
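
Before the restart, a quick lint of the edited file catches the mistakes this step invites: quotes that arrived curly from a copy-paste, the yourdomain.com placeholder left in place, and certificate paths that do not exist. The script below is an added example, not part of the original guide; the function names and the rule that the private key must have no group/other permissions are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# Print one finding per line for an Apache SSL vhost file.
lint_ssl_conf() {
    conf=$1
    # Curly quotes copied from a web page are not quote characters to Apache.
    if grep -q -e '“' -e '”' "$conf"; then
        echo "curly quotes found: replace them with straight quotes"
    fi
    # The guide's placeholder domain has to be replaced with the real one.
    if grep -q 'yourdomain\.com' "$conf"; then
        echo "placeholder yourdomain.com is still present"
    fi
    # Extract each certificate directive and its path, straight quotes removed.
    awk '$1 ~ /^SSLCertificate(Key|Chain)?File$/ { gsub(/"/, "", $2); print $1, $2 }' "$conf" |
    while read -r directive path; do
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # Assumed policy: no group/other access to the private key.
            # Characters 5-10 of "ls -l" output are those permission bits.
            bits=$(ls -lL "$path" | cut -c5-10)
            [ "$bits" = "------" ] || echo "$directive: $path is accessible to group/other"
        fi
    done
}

# Return 0 only when lint_ssl_conf reports nothing.
check_ssl_conf() {
    findings=$(lint_ssl_conf "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the three directives with pasted curly quotes.
sample_conf() {
    cat <<'EOF'
SSLCertificateFile “/etc/letsencrypt/live/yourdomain.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/yourdomain.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/yourdomain.com/chain.pem”
EOF
}

conf_file=$(mktemp)
sample_conf > "$conf_file"
check_ssl_conf "$conf_file" || echo "fix the findings above before restarting Apache"
rm -f "$conf_file"
```

On the VM, run check_ssl_conf as root against /etc/apache2/sites-available/default-ssl.conf, then let Apache validate the syntax with sudo apache2ctl configtest.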

Step -6- Edit WordPress config 🛠️

Go to your WordPress admin panel at https://yourdomain.com/wp-admin, open Settings → General, and replace your current domain name with the https:// version. Scroll down and save.

Step -7- Check & fix mixed resource errors ✅

Sometimes, after the migration to HTTPS, you may get errors due to mixed content: files or pages that are still linked over http.

You can check which files these are using your browser's developer tools (F12 button) or the following tool. To fix the errors, edit the links to the web page or file in your WordPress pages or menus; for images, you can simply relink the image using the media library.

Tool 🛠
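
The same check can be scripted against a saved copy of a page. The script below is an added example, not part of the original guide: it lists the subresources (src attributes and stylesheet links) still referenced over http and skips ordinary links, which are not mixed content. The function names and the sample HTML are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# List URLs that a page served over HTTPS would still load over plain http.
# Covers src= attributes and stylesheet <link> elements; ordinary
# <a href="http://..."> links are navigation, not mixed content, and are skipped.
mixed_content() {
    # RS="<" makes every tag its own record, even when it spans several lines.
    awk -v q="'" 'BEGIN { RS = "<" }
    {
        gsub(/\n/, " ")
        tag = tolower($0); attr = ""
        if (tag ~ /^(img|script|iframe|source|audio|video|embed) /)
            attr = " src="
        else if (tag ~ /^link / && tag ~ ("rel=[\"" q "]?stylesheet"))
            attr = " href="
        if (attr == "") next
        # Match on the lowercased copy, print from the original to keep URL case.
        if (match(tag, attr "[\"" q "]http://[^\"" q " >]+"))
            print substr($0, RSTART + length(attr) + 1, RLENGTH - length(attr) - 1)
    }' "$1" | sort -u
}

# Constructed sample: a fragment of a WordPress page after the switch to HTTPS.
sample_page() {
    cat <<'EOF'
<link rel='stylesheet' id='theme-css' href='http://yourdomain.com/wp-content/themes/t/style.css' />
<link rel="canonical" href="http://yourdomain.com/" />
<script src="https://yourdomain.com/wp-includes/js/jquery.js"></script>
<a href="http://example.org/">external link</a>
<img class="logo"
     src="http://yourdomain.com/wp-content/uploads/Logo.png">
EOF
}

page=$(mktemp)
sample_page > "$page"
mixed_content "$page"
rm -f "$page"
```

To scan the live site, save a page first (for example with curl -s https://yourdomain.com/ -o page.html) and pass the file to mixed_content.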

Step -8- Certbot auto-renew certificate 📆

This is the last step of this guide. It is optional but recommended, so that you do not have to renew the certificate manually. Type:

# sudo certbot-auto renew

Move certbot-auto to /etc/letsencrypt/ and then edit cron so that the job runs periodically

# sudo mv /usr/local/bin/certbot-auto /etc/letsencrypt/
# sudo crontab -e

Add the following line at the end of the file, then save and exit

45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart

That’s it

If you want, you can check your SSL certificate with the following tool:

Tool 🛠
