Solved: How to enable free SSL on your website.

HTTPS is now becoming a necessity and google is giving more importance to https site in comparison to http sites in indexing.

So how do you get an https secure site?

You need to buy an SSL certificate from third party. Even though you know your site is secure it needs verification from a third party which says “Yeah I confirm this site is secure”. For this the third party charges a fees anywhere from $10 to $150 per year .

The SSL certificate is very important if you are running an ecommerce website. But if you are just running a normal blog or website, you may not want to spend money on getting the SSL certificate. So in that case you can use free SSL certificate from a third party called “Let’s Encrypt” .

In this write up we will be taking example of our website Below are the details of the site:-

a) It is hosted on AWS

b) Registered with Godaddy

c) It has Bitnami WordPress image running which is launched from AWS market place.

We have spent many hours to figure out how to enable the SSL using “Let’s Encrypt” and after lot of search we have collected and placed all the info here on a single page.

So, to get the SSL certificate from “Let’s Encrypt” in an easy way, first we will install the plugin WP encrypt.

If you are not using Bitnami image you can skip to step 3. Else, start from step 1 .
1) Login to your server via ssh and create directory and grant it permissions :-
sudo mkdir -p /opt/bitnami/apps/wordpress/letsencrypt/live 

sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/letsencrypt

sudo find /opt/bitnami/apps/wordpress/letsencrypt -type d -exec chmod 0775 {} \;

sudo find /opt/bitnami/apps/wordpress/letsencrypt -type f -exec chmod 0664 {} \;
2) Once the directories are created edit the /opt/bitnami/apps/wordpress/wp-config.php or the /opt/bitnami/apps/wordpress/htdocs/wp-config.php file.
At the end of this file add the below line.
define('WP_ENCRYPT_SSL_CERTIFICATES_DIR_PATH', '/opt/bitnami/apps/wordpress/letsencrypt/live');

3) Login to your WordPress site and install the WP Encrypt plugin.

a) Go to Plugins in you dashboard and click on “Add New”

b) Search for WP encrypt and click on install.

c) Once it’s installed, click on activate for WP encrypt.

4) In your Dashboard go to Settings>WP encrypt.

a) Fill below details in it “Organization Name”, “Country Name”, “Country                   Code” . Don’t leave them empty else you may not get menu for next step.

b) Certificate provided by “Let’ Encrypt” is valid only for 90 dyas. But good               news is that you can renew it for free. WP Encrypt will do it for you so                     tick on “Auto-generate certificate”

c) Tick on “Expire Warnings” and select days before which it should warn                   you. Here we kept it as 3.

d) Click “Save Changes”.

5) After saving this you should get the “Register Account” option. Click on that.

6) Once your account is registered. Click on “Generate Certificate”. It will generate four files and will save them on your server. Keep note of the file and their location mentioned below “Certificate & Key Locations”. Congrats! You have successfully received SSL certificates.

7) If you are using bitnami image move to step 8. Else you can use Really Simple SSL plugin to use the SSL certificates.

8) Now if you are using bitnami image you will have to add these new certificates in your bitnami.conf file. Comment the old entries of SSLCertificate* in the file.

sudo vi /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf
SSLCertificateFile "/opt/bitnami/apps/wordpress/letsencrypt/live/"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/letsencrypt/live/"
SSLCertificateChainFile "/opt/bitnami/apps/wordpress/letsencrypt/live/"

Note: The .pem file locations are taken from step 6. Location can be different for you. So copy them from your dashboard directly.

9) Finally restart LAMP stack.

sudo /opt/bitnami/ restart

If you try to access the now, it should show you a green padlock.

10) Now we will force the redirection of all links to HTTPS.

For this modify your file /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf and add below lines to it’s top.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

11) Finally change the URL addressing, if it’s not changed automatically. In your Dashboard go to Settings>General and change the “WordPress Address” and “Site Address” from http to https. By this all your new posts will have https by default in them. If you find the “WordPress Address” and “Site Address” greyed out and cannot modify them, you can refer my other post here .

Note:- Users may get error after 90 days when it is time for SSL certificate renewal. Please refer to this post on how we fixed the SSL renewal error .