Generating LetsEncrypt Certificates for cPanel & WordPress

So the LetsEncrypt public beta kicked off last week and there’s a buzz around the web for the vision of a near future where HTTPS is everywhere online. Since the beta launch I decided to see what I could do with my WordPress sites on a SiteGround managed VPS server (WHM+cPanel).

LetsEncrypt's goal is to have their software run locally on your hosting server, where it can provision a new certificate and apply it automatically. This requires root access to the server, which isn't available on shared / managed hosts. I spoke to my SiteGround rep asking for support for this and was advised that they are looking to support it in the near future. Until that support is baked into your shared / managed host there is still a way to start utilising these free SSL certificates, which I'll outline below:

Note: This is a manual process and as such it must be repeated before the certificate expires (3 months) to ensure you don't end up with your site running on an expired SSL certificate, which will throw errors to your users. It is intended as a workaround until hosts adopt support for LetsEncrypt on their own servers.

 

What you need

  • Vagrant + VirtualBox (or other Vagrant supported VM software)
  • Putty (or any SSH client)
  • Access to your website filesystem (FTP/SSH/cPanel FileBrowser are all fine)

 

Instructions

First we need to clone the LetsEncrypt repo to our local machine:

Next we need to fire up Vagrant:

SSH into the vagrant machine you just booted (either run vagrant ssh or use the IP:Port provided by vagrant) and run LetsEncrypt for our domain!

You’ll be asked for a contact email address, to agree to the T&Cs and then for your domain names. Typically you’d just want to enter

Now you need to prove you own the domain. The prompt will give you a file name and content to put onto your webserver under .well-known/acme-challenge. Go ahead and set that up now using your preferred method (FTP/SSH/cPanel). Once you’ve got that file created, jump back into your SSH client and proceed; LetsEncrypt should then succeed in validating your domain. If all goes well the process will complete and LetsEncrypt will write your certificate files into your vagrant machine under /etc/letsencrypt/live/yourdomain.com/.

Note: I had some issues with the domain validation process resetting and regenerating a new file/string. I’m not sure if it’s a timeout or something but if you have trouble just give it a few shots and it should work.
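Before going back to the SSH prompt, you can confirm that the challenge file is actually being served with the content the prompt gave you. The script below is an added example, not part of the original post or of the LetsEncrypt client; `check_challenge`, `http_get` and the command-line usage are illustrative names, and the domain, file name and content are the ones your own prompt shows.

```python
"""Pre-flight check for the manually placed ACME challenge file (added example)."""
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = "/.well-known/acme-challenge/"


def http_get(url, timeout=10):
    """Fetch url, following redirects; return (status, final_url, body_bytes)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read(4096)
    except urllib.error.HTTPError as exc:  # 4xx/5xx answers still carry a status
        return exc.code, url, b""


def check_challenge(domain, filename, expected, fetch=http_get):
    """Return (ok, message) for one challenge file on one domain."""
    url = f"http://{domain}{CHALLENGE_DIR}{filename}"
    try:
        status, final_url, body = fetch(url)
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"cannot reach {url}: {exc}"
    if status != 200:
        return False, f"HTTP {status} for {url}: file missing or dot-directory blocked"
    text = body.decode("utf-8", errors="replace")
    if text.strip() != expected.strip():
        # A themed 404 or a WordPress page served with status 200 lands here.
        kind = "an HTML page" if "<html" in text.lower() else "different content"
        return False, f"{url} returned {kind}, not the string from the prompt"
    notes = []
    if text != expected:
        notes.append("extra whitespace around the string")
    if final_url != url:
        notes.append(f"redirected to {final_url}")
    return True, "ok" + (" (" + "; ".join(notes) + ")" if notes else "")


if __name__ == "__main__":
    # usage: python check_challenge.py yourdomain.com FILE_NAME 'FILE_CONTENT'
    if len(sys.argv) != 4:
        sys.exit("usage: check_challenge.py DOMAIN FILE_NAME FILE_CONTENT")
    ok, message = check_challenge(*sys.argv[1:4])
    print(message)
    sys.exit(0 if ok else 1)
```

Run it once per domain name you entered, since each name is validated separately.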

To get the certificate back into your host machine we just need to move it to your shared folder:

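Now that we’ve got our certificate files we can install them on our webhost. privkey.pem is the site's private key, so delete the copy in the shared folder once it has been installed.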

For cPanel, paste the content of the following files into the following screens:

  • privkey.pem -> SSL/TLS Manager : Private Keys
  • cert.pem -> SSL/TLS Manager : Certificates

Then go to SSL/TLS Manager: Manage SSL Hosts, select your domain, and it should autofill the private key and cert. Paste the content of the chain.pem file into the Certificate Authority Bundle field and click install.

Your SSL certificate is now ready to use!

To swap your WordPress installation over to https you need to change your WordPress address and website URL options over to https. Be careful when applying these, as sometimes rogue .htaccess rules or plugins like iThemes Security may try to force you back to http, causing redirect loops. I’d advise testing this by setting the site URLs in your wp-config.php file first, where you can easily remove them if it breaks your site:

Note: If your theme/plugins don’t declare external URLs using the protocol-agnostic “//”, you’ll get mixed content errors in your browser. Replacing hardcoded “http://links” with “//links” should resolve this issue.

 


2 Responses

  1. Chris Booth says:

    Thanks for this very helpful tutorial!
    A couple of things you might add (for Vagrant newbies like myself):
    SSH into the vagrant machine: the command is just ‘vagrant ssh’
    At the stage where you copy the certificates to the shared folder, you need a password for su – that’s simply ‘vagrant’ (on my setup at least).
    – Chris

    • Grant says:

      Yep, you can use vagrant ssh in your terminal or connect to the vagrant via ssh using the ip:port it spits out in the terminal. I’ve added that info above. Thanks for the feedback 🙂
