Switching a WordPress site over to HTTPS/SSL

WordPress.com, the official hosted version of WordPress have switched over to enforcing SSL, while this is mostly a political statement, there is some merit, firstly you might actually have some forms which should be secure, allowing users to communicate using the secure channel https provides, secondly there Google have started giving a slight boost to your PageRank when they see SSL in place.

ssl

But if you host your own server, you need to enable and provide a certificate yourself.

First check Apache is listening on 443

netstat -ntpl | grep 443

Create a Certificate Request

If all you need is secure forms and a green padlock as I have used here you can use a Rapid SSL Certificate @ $12.99 a year here.

You can also get a suitable free certificate from StartSSL, I have a walk through here for that. If you are able to use LetsEncrypt, they have a great free certificate thats generated from your server.

Here is a great walk through on enabling SSL and copying the certificate and key over to your server.

To redirect http URLs to https, do the following:

 ServerName www.example.com
 Redirect / https://www.example.com/
ServerName www.example.com
 # ... SSL configuration goes here

Enable SSL for apache

a2enmod ssl

Enable the new SSL config

a2ensite example.com-ssl

Test the new config

apachectl configtest

Restart

sudo /etc/init.d/apache2 restart

Quite often we see that while everything else is working, a firewall might be blocking port 443, check to see if IPTables is blocking

iptables -L -n

If not add the rule

iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/etc/init.d/iptables-persistent save

check to see if UFW is blocking

ufw status

If you don’t see HTTPS or SSL listed

UFW allow https

If your padlock is broken, likely you have some non-ssl content that manually needs having it’s url altered. To check for non HTTPS content use this Why no Padlock tool.

This of course is another one of my reminder walkthroughs, that I will update as I find better instructions, and welcome any improvements.

Leave a Reply

Your email address will not be published. Required fields are marked *