I recently set up SSL certificates on several WordPress sites.
The sites were hosted on a dedicated server under the control of Ubuntu, on this first thing I created a directory for certificates and switched to it:
sudo mkdir /etc/apache2/ssl cd /etc/apache2/ssl
Enable the SSL module for Apache2 if it is not enabled:
sudo a2enmod ssl
Then I generated the certificate:
sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com.key -out /etc/apache2/ssl/example.com.csr
In the process of generation, several questions had to be answered:
Country Name (2 letter code) [AU]: UA (code of the country)
State or Province Name (full name) [Some-State]: Sumy
Locality Name (eg, city) : Romny
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Private person
Organizational Unit Name (eg, section) : (empty or the name of the department)
Common Name (e.g. server FQDN or YOUR name) : example.com (domain name, without http and https)
Email Address : firstname.lastname@example.org
You can also sign the generated certificate (this is the contents of example.com.csr) from some kind of domain registrar.
The procedure is cheap and after it is connected will not display a message that the certificate is not signed.
Since there are several sites, the configuration files for each of them are located in the directory /etc/apache2/sites-enabled/.
I’ll choose one of them and at the very end after the standard directive:
<VirtualHost *:80> ...</VirtualHost>
we will add one more, but with 443 port and we will specify ways to certificates:
<VirtualHost *:443> ServerAdmin email@example.com ServerName example.com ServerAlias www.example.com DocumentRoot /var/www/example.com/ <Directory /> Options -Indexes AllowOverride All </Directory> <Directory /var/www/example.com/> Options -Indexes AllowOverride All Order allow,deny allow from all </Directory> SSLEngine on SSLCertificateFile /etc/apache2/ssl/example_com.crt SSLCertificateKeyFile /etc/apache2/ssl/example_com.key SSLCertificateChainFile /etc/apache2/ssl/example_com.ca-bundle ErrorLog /var/log/apache2/example_error-ssl.log LogLevel warn CustomLog /var/log/apache2/example_access-ssl.log combined </VirtualHost>
After the changes, check the configuration and restart apache2:
sudo apachectl configtest sudo service apache2 restart
To be able to log in to WordPress and admin on HTTPS only in wp-config.php, uncomment the following parameters:
define('FORCE_SSL_LOGIN', true); define('FORCE_SSL_ADMIN', true);
You can also change the address of the site from http:// to https:// in the admin panel, in the “Settings” – “General”.
In robots.txt we will specify the site address with https, for example:
Also in sitemap.xml there should be links with https.
In search engines need to apply for re-indexing the site map, in Yandex.Webmaster submit an application to the “Move the site” by ticking the “Add HTTPS”.
In Google Search Console, you need to add the same site with https, it will be indexed separately from http.
Done, now the site can be opened by https.
See also my article – Redirecting requests to SSL