Let’s Encrypt!
At this point, you can start digging into the WordPress configurations, but it is highly recommended to install an SSL certificate and redirect traffic to https. Continue on for those directions.
-
Adding SSL from Let’s Encrypt
Security should be top of mind with anything online. SSL providers such as Let’s Encrypt offer free to cheap methods for easily enabling HTTPS.
Below we will wget an RPM for pyOpenSSL. I have found certbot requires at least version 0.15.1-1. Please utilize one of the links HERE if you do not have at least this version.
First, let’s modify the URLs in the admin UI. These are located under Dashboard > Settings > General. Update both fields to point to HTTPS://
Now let’s get back into the CLI and finish configuring SSL. Time to install certbot.
yum -y install python-certbot-apache
Request Let’s Encrypt Certificates
certbot certonly --webroot -w /var/www/html/ --renew-by-default --email you@yourdomain.com --text --agree-tos -d www.yourdomain.com -d yourdomain.com
Verify Certs
ls /etc/letsencrypt/live/www.yourdomain.com/
Create cron job to run every Sunday for automatic updates
sudo crontab -e
0 0 * * 0 /usr/bin/certbot renew >> /var/log/certbot-renew.log
Modify the Apache ssl.conf and point it to the certs
sudo vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/www.yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.yourdomain.com/chain.pem
Encrypt backend with the following
sudo vi /var/www/html/wp-config.php
Add the following line anywhere above the text “That’s all, stop editing!”
define('FORCE_SSL_ADMIN', true);
:wq!
Restart Apache
sudo systemctl restart httpd
Verify your domain by navigating to your URL in a browser. If all is good, you should see the lock/green/browser-specific A.O.K.
-
Adding HTTPS and WWW Redirects
It’s important to ensure users navigating to your website get redirected to the HTTPS URL. Here we are going to configure HTTPS on the website and modify the .htaccess file to redirect all requests to https, and to prepend www if that is desired.
First, modify the httpd.conf to allow overrides.
sudo vi /etc/httpd/conf/httpd.conf
Find <Directory "/var/www/html"> and change AllowOverride to All
Modify .htaccess (controls redirects)
sudo vi /var/www/html/.htaccess
Add the following UNDER the ‘# END WordPress’ line or your settings will be overwritten!
# Redirect IP
RewriteCond %{HTTP_HOST} ^x.x.x.x
RewriteRule ^(.*)$ https://www.<URL>.com/$1 [R=301,L]
# Redirect to www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.<URL>.com/$1 [R=301,L]
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.<URL>.com/$1 [R=301,L]
Open up a few incognito pages and test your redirects. At this point all should be working as desired. Now go on out there and start installing themes, plugins, and creating your site!
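The redirect test described above can also be scripted. The following is an added example, not part of the original post: a shell function that reads response headers and confirms a permanent redirect to the https://www host. The name check_redirect and the sample responses are constructed for illustration, and the hostnames are the post's placeholders.

```sh
#!/bin/sh
# Added example: verify a response is the 301 the .htaccess rules should issue.
# Reads raw response headers on stdin (for instance from `curl -sI`).
#
# check_redirect EXPECTED_PREFIX
#   returns 0: 301 whose Location starts with EXPECTED_PREFIX
#   returns 1: a redirect, but wrong status code or wrong target
#   returns 2: no redirect at all (the page was served as requested)
check_redirect() {
    local expected headers status location
    expected="$1"
    # Drop the CR of CRLF line endings so string comparisons work.
    headers="$(tr -d '\r')"
    # Status code is field 2 of the status line: "HTTP/1.1 301 Moved ..."
    status="$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')"
    # Header names are case-insensitive; use the first Location header.
    location="$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')"

    case "$status" in
        301) ;;
        302|303|307|308)
            echo "FAIL: status $status, the rules specify R=301" >&2
            return 1 ;;
        *)
            echo "FAIL: status ${status:-missing}, no redirect issued" >&2
            return 2 ;;
    esac
    case "$location" in
        "$expected"*) echo "OK: 301 -> $location"; return 0 ;;
        *) echo "FAIL: redirects to '$location'" >&2; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
sample_good() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n'
    printf 'Location: https://www.yourdomain.com/about\r\n\r\n'
}
sample_no_www() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'location: https://yourdomain.com/about\r\n\r\n'
}
sample_plain() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

# Live use, with the post's placeholder hostnames:
#   curl -sI http://yourdomain.com/about | check_redirect https://www.yourdomain.com/
```

Run the live check once per entry point the rules cover: the bare IP, the non-www host, and plain http on the www host.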
Sources
A special thanks to the following sources. I pieced together bits and pieces from each of these to make a single cohesive document. These are in no specific ordering.
How to Install WordPress with Apache + Let’s Encrypt SSL + W3 Total Cache + Cloudflare + Postfix on CentOS 7
How to Install PHP 7.3 on CentOS 7 / Fedora
How To Install WordPress On CentOS 7 Linux
How To Redirect www to Non-www with Apache on CentOS 7
How to Move HTTP to HTTPS on WordPress