Using Let's Encrypt SSL With Your WordPress Project

What's Let's Encrypt?

For years, purchasing, renewing, installing and managing SSL certificates overwhelmed me with expense and complexity. Now, Let's Encrypt makes it fairly simple and free.

Let’s Encrypt is an emerging, free, automated, and open certificate authority brought to you by a California public benefit corporation called the Internet Security Research Group—it also has nonprofit status. 

Its goal is to make HTTPS become the default Internet browser protocol to ensure greater privacy and security on the web. Mozilla and the Electronic Frontier Foundation are two of its platinum sponsors:

Whats Lets Encrypt Platinum sponsors

Let's Encrypt entered public beta in December, so I can now easily guide you through exploring its services.

In this tutorial, I'll walk you through installing Let's Encrypt on a few of my websites, including my WordPress consulting website, http://lookahead.io, soon to be https://.

Before we get started, please remember, I do try to participate in the discussions below. If you have a question or topic suggestion, please post a comment below or contact me on Twitter @reifman.

Let's Encrypt Feature Summary

Let’s Encrypt runs on Python working with Apache to automate certificate registration and renewal, simplifying the process of activating HTTPS capability for any website, including WordPress.

Here are the key benefits that Let's Encrypt delivers:

  • Free: Anyone with a domain name can register a trusted certificate without cost.
  • Automatic: An Apache web server can easily acquire a certificate, securely configure it, and automatically manage renewal.
  • Secure: Let’s Encrypt will advance TLS security best practices, both as a Certificate Authority and by helping sites maintain secure servers.
  • Transparent: All certificate transactions are publicly recorded and available for inspection.
  • Open: The automatic issuance and renewal protocol will be published as an open standard.
  • Cooperative: Let’s Encrypt is a community effort to benefit everyone.

Installing SSL With Let's Encrypt

Let's begin by updating my server, Apache Ubuntu.

If you don't have Git installed on your server, it's best to have it to install Let's Encrypt:

Once installed, clone the Let's Encrypt software into the Apache opt sub-directory for third-party applications:

First I experimented with installing Let's Encrypt on my Fever news reader application, not WordPress. I host it at http://fever.lookahead.io:

The Setup Wizard

To begin, you'll be asked for your email address:

Lets Encrypt Installation Email Request

Then shown the Terms of Service:

Lets Encrypt Installation Terms of Service

Let's Encrypt gives you the option of offering HTTPS as a secondary option or directing all traffic to HTTPS:

Lets Encrypt Select HTTPS mode

You're done in minutes:

Lets Encrypt Congratulations

You'll also be shown some notes on certificate expiration and renewal:

Installing on WordPress

To install Let's Encrypt SSL on my WordPress consulting site, it was just as easy. There was just one minor difference. I asked Let's Encrypt to support the www sub-domain as well:

You can go visit it now, either HTTP or HTTPS, you'll end up here, https://lookahead.io:

Lets Encrypt Lookahead Consulting

SSL Reports

You can go to sites like Qualys SSL Labs to get a site report on your SSL capability:

https://www.ssllabs.com/ssltest/analyze.html?d=fever.lookahead.io

Lets Encrypt SSL Qualys Labs

Here's the authentication page:

Lets Encrypt SSL Qualys Labs Authentication

Certificate Auto-Renewal

Auto-renewal is pretty simple too. First, we grab the renew script and give it execution privileges:

Lets Encrypt Set up auto renewals

Then run the script for each domain:

And you can set up a cron job to run regularly:

Add this line:

Troubleshooting

I did run into a few quirks that I thought I'd share. When I installed SSL for my old Community Starter open-source project (both root domain and www), Let's Encrypted gave this error:

I had set up a wildcard alias in my conf file:

This change fixed it, adding an alias for www holdouts:

Then the home page embedded Vimeo video failed:

Lets Encrypt Vimeo Not Working with HTTPS

I just had to change the iframe to the Vimeo player to use HTTPS:

Problem solved:

Lets Encrypt Vimeo Working with HTTPS

In Closing

I'm very impressed with the community goal Let's Encrypt has delivered on with quality and ease. Web publishers everywhere will benefit from simple, free SSL. Thank you EFF, Mozilla, and Let's Encrypt!

Lets Encrypt Donate

You can donate to either Let's Encrypt or EFF to support this work:

You can learn more technical detail about their software here. Let's Encrypt also has a well-structured community forum:

Lets Encrypt Community Forum

What's Next?

Let's Encrypt is actively working on finishing its first public release:

We have more work to do before we’re comfortable dropping the beta label entirely, particularly on the client experience. Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms.

To keep up with the latest code, just update your git tree occasionally:

My primary WordPress site runs with Varnish 3.x currently. This doesn't work out of the box with Let's Encrypt. I will probably spend some time soon tracking down a solution for that.

In the meantime, if you're looking for other utilities to help you build out your growing set of tools for WordPress or for code to study and become more well-versed in WordPress, don't forget to see what we have available in Envato Market.

If you have questions, please post them below. Or you can contact me on Twitter @reifman. Please check out my Envato Tuts+ instructor page to see other tutorials I've written, such as Cloning WordPress in Linux (in 90 seconds).

Related Links

Tags:

Comments

Related Articles