Certbot with Apache: Difference between revisions
No edit summary |
|||
| Line 9: | Line 9: | ||
To never have to buy an SSL certificate for a web site ever again. And as if that weren't enough, to also never have to worry about renewing the certificate either. Sound too good to be true? Well a group of people decided to do something that essentially makes that possible. | To never have to buy an SSL certificate for a web site ever again. And as if that weren't enough, to also never have to worry about renewing the certificate either. Sound too good to be true? Well a group of people decided to do something that essentially makes that possible. | ||
== | ==Certbot Installation & Configuration== | ||
===Install Certbot=== | ===Install Certbot=== | ||
| Line 40: | Line 40: | ||
I don't know how to categorize these next comments, and I don't want it to sound like I'm criticizing them. I suppose 'funny' might be the best category to put it in, so here goes... It took me several hours to read the documentation, experiment with things, and get a full grip on how everything worked. In the end, I realized that the above "Quick Start" instructions are all that are needed to make things work. | I don't know how to categorize these next comments, and I don't want it to sound like I'm criticizing them. I suppose 'funny' might be the best category to put it in, so here goes... It took me several hours to read the documentation, experiment with things, and get a full grip on how everything worked. In the end, I realized that the above "Quick Start" instructions are all that are needed to make things work. | ||
===Web Server Configuration=== | == Apache, WordPress, etc. Configuration & Testing == | ||
===Apache Web Server Configuration=== | |||
The next step is to configure the Apache configuration files with the Certificates, SSL changes, etc. All of this can be done automatically with Certbot (not detailed in this article) or configured manually (as I prefer to do it). | The next step is to configure the Apache configuration files with the Certificates, SSL changes, etc. All of this can be done automatically with Certbot (not detailed in this article) or configured manually (as I prefer to do it). | ||
===WordPress Configuration=== | ===WordPress Configuration=== | ||
| Line 65: | Line 64: | ||
</syntaxhighlight>The last two lines in the above code eliminate the possibility of an administrator or other editor making a mistake (and logging in with HTTP instead of HTTPS) when they login. | </syntaxhighlight>The last two lines in the above code eliminate the possibility of an administrator or other editor making a mistake (and logging in with HTTP instead of HTTPS) when they login. | ||
WordPress makes it hard to switch from HTTP to HTTPS, so try this site to scan for issues: [https://www.whynopadlock.com/results/02d0cc06-1d61- https://www.whynopadlock.com/] | WordPress makes it hard to switch from HTTP to HTTPS, so try this site to scan for issues: [https://www.whynopadlock.com/results/02d0cc06-1d61- https://www.whynopadlock.com/]. Images (especially header images) can be problematic to change from HTTP to HTTPS, so plugins like this are useful: SSL Insecure Content Fixer (Please note, this plugin may produce a performance hit on websites). For a permanent fix, try a plugin named "Better Search Replace". As a precaution, make a backup of the WordPress database before changing anything with that plugin. A quick tip on using it: CTRL A does not work in the field selection for this plugin. Instead, select the first item, scroll to the bottom of the list, hold down the Shift Key and click the last item to select everything. | ||
===Testing=== | |||
At the end of the Certbot script when obtaining a certificate, it recommends this website to test the SSL: https://www.ssllabs.com/ssltest | |||
=== | ===Conclusions (thus far)=== | ||
All done... | All done... | ||
==Details== | ==Granular Details & Information== | ||
===Apache and Webroot Plugins=== | ===Apache and Webroot Plugins=== | ||