How to configure SSL and HTTPS for WordPress

I recently set up SSL certificates on several WordPress sites.

The sites were hosted on a dedicated server running Ubuntu, so the first thing I did was create a directory for the certificates and switch to it:

sudo mkdir /etc/apache2/ssl
cd /etc/apache2/ssl

Enable the SSL module for Apache2 if it is not enabled:

sudo a2enmod ssl

Then I generated the certificate:

sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com.key -out /etc/apache2/ssl/example.com.csr

In the process of generation, several questions had to be answered:
Country Name (2 letter code) [AU]: UA (code of the country)
State or Province Name (full name) [Some-State]: Sumy
Locality Name (eg, city) []: Romny
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Private person
Organizational Unit Name (eg, section) []: (empty or the name of the department)
Common Name (e.g. server FQDN or YOUR name) []: example.com (domain name, without http and https)
Email Address []: admin@example.com

You can also have the generated certificate request (the contents of example.com.csr) signed, for example through a domain registrar.
The procedure is cheap, and once the signed certificate is installed, the browser will no longer display a message that the certificate is not signed.

Since there are several sites, the configuration file for each of them is located in the directory /etc/apache2/sites-enabled/.
Choose one of them and, at the very end, after the standard directive:

<VirtualHost *:80> ...</VirtualHost>

add one more, this time for port 443, and specify the paths to the certificate files:

<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/
    <Directory />
        Options -Indexes
        AllowOverride All
    </Directory>
    <Directory /var/www/example.com/>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    SSLEngine on
    # Signed certificate and CA bundle received after the CSR was signed
    SSLCertificateFile /etc/apache2/ssl/example_com.crt
    # Private key created by the openssl command above
    SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
    SSLCertificateChainFile /etc/apache2/ssl/example_com.ca-bundle
    ErrorLog /var/log/apache2/example_error-ssl.log
    LogLevel warn
    CustomLog /var/log/apache2/example_access-ssl.log combined
</VirtualHost>

After the changes, check the configuration and restart apache2:

sudo apachectl configtest 
sudo service apache2 restart

To force WordPress logins and the admin panel to use HTTPS only, uncomment the following parameters in wp-config.php:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

You can also change the address of the site from http:// to https:// in the admin panel, in the “Settings” – “General”.
In robots.txt we will specify the site address with https, for example:

Host: https://ixnfo.com

Also in sitemap.xml there should be links with https.
In search engines, you need to request re-indexing of the sitemap; in Yandex.Webmaster, submit a “Move the site” request with “Add HTTPS” ticked.
In Google Search Console, you need to add the same site with https, it will be indexed separately from http.

Done, now the site can be opened by https.

See also my article – Redirecting requests to SSL

Solving the SSL problem “Connection is not secure – Parts of this page are not secure (such as images)”

I once noticed, on a site with a signed SSL certificate, a message from the Mozilla Firefox browser:

Connection is not secure – Parts of this page are not secure (such as images)

As it turned out, the site embedded images from other sources, so the connection was considered not fully protected. To solve this problem, upload the images to the current site and change the links on the pages so that they start with https://.

If the site works on both http:// and https://, and the images are hosted on it, the links should be changed, for example, from:

<img src="http://www.ixnfo.com/img.jpg">

to

<img src="/img.jpg">

Done.
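To find every such reference on a page rather than fixing them one at a time, the scanner below lists each subresource that an HTTPS page would still request over plain HTTP. It is an added example, not part of the original article; the sample page, the placeholder host cdn.example.net and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource.
FETCHING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "video": ("src", "poster"), "source": ("src",), "link": ("href",),
}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}

class MixedContentScanner(HTMLParser):
    """Collect subresources an HTTPS page would request over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHED_LINK_RELS:
                return  # e.g. rel="canonical" is never fetched
        for name in FETCHING_ATTRS.get(tag, ()):
            value = (attrs.get(name) or "").strip()
            # "/img.jpg" and "//host/x" inherit the scheme of the page itself.
            resolved = urljoin(self.page_url, value)
            if value and urlsplit(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(html, page_url):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; cdn.example.net is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/style.css">
<link rel="canonical" href="http://www.ixnfo.com/">
</head><body>
<img src="http://www.ixnfo.com/img.jpg">
<img src="/img.jpg">
<img src="//cdn.example.net/logo.png">
<script src="http://cdn.example.net/app.js"></script>
</body></html>"""
FINDINGS = find_mixed_content(SAMPLE, "https://ixnfo.com/post/")
```

Only the absolute http:// image and script are reported; the relative and protocol-relative links follow the page's own scheme, which is why rewriting links to /img.jpg resolves the warning.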

Redirecting requests to SSL

I will describe several options for redirecting requests from HTTP to HTTPS; the first and second methods are the most reliable:

1) Using virtual hosts.
In the site configuration, add a “Redirect” line. For example, when an SSL certificate has been installed on the site and you need to redirect all requests to HTTPS:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName ixnfo.com
   ServerAlias www.ixnfo.com
   Redirect / https://ixnfo.com/
</VirtualHost>

<VirtualHost *:443>
   ServerName ixnfo.com
   ServerAlias www.ixnfo.com
   DocumentRoot /var/www/html
   SSLEngine On
   ...
</VirtualHost>

If you want to redirect only some requests:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName ixnfo.com
   ServerAlias www.ixnfo.com
   Redirect /forum https://forum.ixnfo.com/
</VirtualHost>

<VirtualHost *:443>
   ServerName ixnfo.com
   ServerAlias www.ixnfo.com
   DocumentRoot /var/www/html
   SSLEngine On
   ...
</VirtualHost>

2) Redirecting using .htaccess.
As in the first method, but place a .htaccess file in the desired directory of the site and add the line to it (for the web server to take the .htaccess file into account, the option AllowOverride All must be specified in the site configuration, as above):

Redirect /forum https://forum.ixnfo.com/

3) The non-recommended way, using mod_rewrite. Add the following to the .htaccess file:

# Enabling the Rewrite function
RewriteEngine On
# Verify that the connection is not HTTPS
RewriteCond %{HTTPS} !=on
# We are sending to the same place, but already HTTPS:
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Another example:

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^ixnfo\.com$ [OR]
RewriteCond %{SERVER_NAME} ^www\.ixnfo\.com$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>

To allow some pages to open via http and https, add the following in the top example:

RewriteCond %{REQUEST_URI} !^/dir/
RewriteCond %{REQUEST_URI} !^/dir/file.php
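
The two virtual-host variants in method 1 differ in how much of the site leaves plain HTTP, which is easy to lose track of across many site files. The check below is an added example, not part of the original article: it reads Apache configuration text and reports, for each port-80 virtual host, whether the whole site is redirected to HTTPS, only a subtree, or nothing. The verdict names and the sample configuration are constructed; a Redirect without a status is reported as temporary because mod_alias then answers with 302.

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
# mod_alias syntax: Redirect [status] URL-path URL
REDIRECT_RE = re.compile(
    r"^[ \t]*Redirect(?:[ \t]+(permanent|temp|seeother|gone|\d{3}))?"
    r"[ \t]+(/\S*)[ \t]+(\S+)", re.I | re.M)
SERVERNAME_RE = re.compile(r"^[ \t]*ServerName[ \t]+(\S+)", re.I | re.M)

def audit_http_vhosts(conf):
    """Return (server_name, verdict) for every port-80 VirtualHost in conf."""
    results = []
    for address, body in VHOST_RE.findall(conf):
        if not any(a.endswith(":80") for a in address.split()):
            continue  # only plain-HTTP virtual hosts are audited
        match = SERVERNAME_RE.search(body)
        name = match.group(1) if match else "(no ServerName)"
        verdict = "no-redirect"
        for status, path, target in REDIRECT_RE.findall(body):
            if path != "/":
                verdict = "partial"  # only one subtree leaves HTTP
                continue
            if not target.lower().startswith("https://"):
                verdict = "not-https"
            elif status.lower() in ("permanent", "301", "308"):
                verdict = "ok"
            else:
                verdict = "temporary"  # no status means 302 in mod_alias
            break
        results.append((name, verdict))
    return results

# Constructed configuration modelled on the two variants shown above.
SAMPLE_CONF = """
<VirtualHost *:80>
   ServerName ixnfo.com
   Redirect / https://ixnfo.com/
</VirtualHost>
<VirtualHost *:80>
   ServerName ixnfo.com
   Redirect /forum https://forum.ixnfo.com/
</VirtualHost>
<VirtualHost *:80>
   ServerName example.com
   Redirect permanent / https://example.com/
</VirtualHost>
"""

VERDICTS = audit_http_vhosts(SAMPLE_CONF)
```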
