Using an SSL certificate and HTTPS is incredibly important, not only for security but also for credibility, now that recent browser updates display “not secure” on sites accessed over HTTP. This guide will walk you through installing the LetsEncrypt client and provisioning an SSL certificate. For the sake of this tutorial, I am provisioning an SSL certificate for one of my parked domains, and I set up the DNS for all the subdomains earlier.
For this article, we are assuming the following:
- Your domain name is registered, and DNS for the root domain as well as any subdomains you want to issue a certificate for is pointed towards the server you will be performing these steps on.
- You have root or sudo access to the server.
1. Install the certbot-auto client for LetsEncrypt
We are going to install the certbot client to the /usr/sbin directory. Enter the following commands to install the client:
sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto
2. Provision and install an SSL certificate
Run the following command to provision an SSL certificate. For each domain or subdomain you want included in the certificate, add -d yourdomain.ext or -d subdomain.yourdomain.ext.
Tip: Always use the root domain first (-d domainname.ext).
sudo certbot-auto certonly -d wpsitedesign.com.au -d www.wpsitedesign.com.au -d mail.wpsitedesign.com.au -d dev.wpsitedesign.com.au
Approve the installation of any dependencies and you will end up at a screen where you select an authentication method. I prefer to select 1 for the Nginx plugin, but you can use other authentication methods if you would prefer.
If it is your first certificate on this machine, you will need to enter an email address for account registration and accept the terms to proceed.
Your certificate will be stored at
Your private key will be stored at
You will need to update the certificate location in the nginx server configuration to use them. If you are using the custom site block from the KB Article – Create a custom site block with Nginx, details on how to do this are in the next step.
3. Add your SSL certificate to your config file.
For this step, I am editing the config in the custom site block configured in the KB Article – Create a custom site block with Nginx. You will need to edit your Nginx configuration depending on how your server is set up.
sudo mv http.conf http.conf.disable   # Disables non-SSL config
sudo mv https.conf.disable https.conf   # Enables SSL config
Open the SSL configuration in an editor such as nano:
sudo nano https.conf
Ensure that the references for `ssl_certificate` and `ssl_certificate_key` point towards your certificate and key. If you are using the https.conf file from the previously noted KB Article, there will be two references to each.
If you are using the standard nginx setup then you will need to update the ssl configuration for all of your enabled sites in their own configuration files, rather than those in the custom site block shown.
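A quick check of those references before testing the config, as an added example that is not part of the original article: it lists every ssl_certificate and ssl_certificate_key directive in one config file, confirms each file exists, and flags a private key that group or other users can access. The function names and the sample file names are assumptions made for the illustration.

```shell
# Added example (not from the original article): audit the TLS file
# references in one nginx config file. Function names are hypothetical.

# Print "<directive> <path>" for each ssl_certificate / ssl_certificate_key
# directive, ignoring comments. Assumes unquoted paths without spaces.
list_tls_paths() {
    sed 's/#.*//' "$1" | awk '
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            sub(/;.*/, "", $2); print $1, $2
        }'
}

# Return 0 only if every referenced file exists, every key is closed to
# group/other, and certificates and keys appear in equal numbers.
check_tls_paths() {
    rc=0 certs=0 keys=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -f "$path" ]; then echo "MISSING  $directive $path"; rc=1; continue; fi
        case $directive in
            ssl_certificate) certs=$((certs + 1)) ;;
            ssl_certificate_key)
                keys=$((keys + 1))
                # Mode string characters 5-10 are the group/other bits; -L follows symlinks.
                if [ "$(ls -lLd "$path" | cut -c5-10)" != "------" ]; then
                    echo "EXPOSED  $path is accessible to group/other"; rc=1
                fi ;;
        esac
    done <<EOF
$(list_tls_paths "$1")
EOF
    [ "$certs" -gt 0 ] || { echo "NO ssl_certificate directives found"; rc=1; }
    [ "$certs" -eq "$keys" ] || { echo "MISMATCH $certs certificates, $keys keys"; rc=1; }
    return $rc
}

# Constructed sample: a throwaway config and placeholder files in a temp dir.
demo_dir=$(mktemp -d)
touch "$demo_dir/example-cert.pem" "$demo_dir/example-key.pem"
chmod 600 "$demo_dir/example-key.pem"
cat > "$demo_dir/https.conf" <<EOF
server {
    ssl_certificate     $demo_dir/example-cert.pem;
    ssl_certificate_key $demo_dir/example-key.pem;  # constructed path
}
EOF
check_tls_paths "$demo_dir/https.conf" && echo "OK: all TLS references resolve"
rm -rf "$demo_dir"
```

To use it on a real server, call check_tls_paths with the path to your own https.conf, running as a user that can read the key's directory.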
Test your nginx config with
sudo nginx -t
If everything comes back okay, it's time to reload nginx.
sudo systemctl reload nginx
Your SSL certificate is now in use, and the config file is forcing the redirect of HTTP traffic to HTTPS and of www traffic to non-www (yourdomain.ext instead of www.yourdomain.ext).