Secure Your WordPress Blog with Free SSL from Let’s Encrypt

Hey there! Want to secure your WordPress blog with SSL, but don’t want to spend a fortune on certificates? Don’t worry! I’ve got your back. In this guide, I’ll show you how to enable SSL for your WordPress blog using a free SSL certificate from Let’s Encrypt. Let’s get started!

Prerequisites

This guide assumes that you have a running WordPress blog with Nginx and Docker Compose, as described in our previous tutorial.

Step 1: Install Certbot

Certbot is a super useful tool that makes it easy to get and renew SSL certificates from Let’s Encrypt. To install Certbot on your Ubuntu server, just run these commands:

# Add some necessary repositories and install Certbot
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

Step 2: Get Your SSL Certificate

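Before you grab your SSL certificate, double-check that your domain is pointing to your server’s IP address. Certbot’s --standalone mode starts its own temporary web server on port 80, so that port has to be free and reachable from the internet: if your Nginx container is already running, stop it first. All set? Great! Now, run this command to get your certificate: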

sudo certbot certonly --standalone -d your_domain.com -d www.your_domain.com

Don’t forget to replace your_domain.com and www.your_domain.com with your actual domain names. Certbot will take care of the rest and store your SSL certificate files in /etc/letsencrypt/live/your_domain.com/.

Step 3: Update Your Nginx Config

Time to tweak your Nginx configuration file (default.conf in the nginx-conf directory) to serve your site over HTTPS. Update the file with the following content:

server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;

    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';

    root /var/www/html;
    index index.php;

    access_log /var/log/nginx/wordpress_access.log;
    error_log /var/log/nginx/wordpress_error.log;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.ht {
        deny all;
    }
}

Make sure to replace your_domain.com and www.your_domain.com with your real domain names.

Step 4: Mount Your SSL Certificate Files

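Update your docker-compose.yml file to mount your SSL certificate files into your Nginx container. The files in /etc/letsencrypt/live/your_domain.com/ are symlinks into /etc/letsencrypt/archive/, so mount the whole /etc/letsencrypt directory (read-only). Mounting only the live folder would leave the links dangling inside the container, and Nginx would fail to load the certificate:

...
services:
  nginx:
    image: nginx:stable-alpine
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx-conf:/etc/nginx/conf.d
      - ./wordpress:/var/www/html
      # Whole tree, read-only: live/ holds symlinks that point into archive/
      - /etc/letsencrypt:/etc/letsencrypt:ro
...

The certificate paths in your Nginx config stay the same, because the container sees /etc/letsencrypt at the same location as the host.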
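A quick way to check the bind mount from Step 4 before restarting anything, as an added example that is not part of the original tutorial: Certbot's live/ files are symlinks into ../../archive/, and the function below reports any that resolve outside the directory you plan to mount. The function names, the sample tree and the example.test domain are constructed stand-ins for /etc/letsencrypt.

```shell
#!/bin/sh
# Added example: verify that a Docker bind-mount source covers the real
# files behind Certbot's live/ symlinks. All names here are assumptions.

# Build a constructed stand-in for /etc/letsencrypt (no Certbot needed).
make_sample_tree() {
    root=$1
    domain=$2
    mkdir -p "$root/archive/$domain" "$root/live/$domain"
    for f in cert chain fullchain privkey; do
        : > "$root/archive/$domain/${f}1.pem"
        # Certbot layout: live/<domain>/X.pem -> ../../archive/<domain>/XN.pem
        ln -s "../../archive/$domain/${f}1.pem" "$root/live/$domain/$f.pem"
    done
}

# Usage: mount_covers_certs LIVE_DIR MOUNT_SOURCE
# Returns 0 if every *.pem in LIVE_DIR resolves to a file inside
# MOUNT_SOURCE, 1 if any would dangle in the container, 2 on bad input.
mount_covers_certs() {
    live_dir=$1
    mount_src=$(readlink -f "$2") || return 2
    rc=0
    for pem in "$live_dir"/*.pem; do
        # An unmatched glob leaves the literal pattern behind.
        if [ ! -e "$pem" ] && [ ! -L "$pem" ]; then
            echo "no .pem files in $live_dir" >&2
            return 2
        fi
        # Canonical path of the file the symlink finally points at.
        target=$(readlink -f "$pem")
        case "$target" in
            "$mount_src"/*) ;;
            *) echo "outside mount: $pem -> $target" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Run directly with two arguments to check a real host, e.g.
#   sh check_mount.sh /etc/letsencrypt/live/your_domain.com /etc/letsencrypt
if [ "$#" -eq 2 ]; then
    mount_covers_certs "$1" "$2"
fi
```

Run it as root on the host, since /etc/letsencrypt/live is not readable by ordinary users.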

Step 5: Restart Your Docker Containers

With everything updated, go ahead and restart your Docker containers to apply the changes:

docker-compose down
docker-compose up -d

Step 6: Automate SSL Certificate Renewal

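To keep your SSL certificate up to date, set up automatic renewal with a cron job. Run sudo crontab -e and add this line:

0 3 * * * certbot renew --quiet --pre-hook "docker stop nginx" --post-hook "docker start nginx"

This runs daily at 3 AM, but Certbot only renews a certificate once it is close to expiring. When a renewal is due, the pre-hook stops the Nginx container so that standalone mode can use port 80, and the post-hook starts the container again so it picks up the new certificate. The post-hook runs after every renewal attempt, successful or not, so Nginx always comes back up.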

And that’s all! Your WordPress blog should now be rockin’ SSL, making it safer for you and your visitors. Enjoy your new, secure blog, and feel free to reach out if you have any questions or need help. Happy blogging! 🚀
