Why enable SSL on your WordPress blog?
SSL encrypts the information that passes between the different points on its way to the destination server. The obvious problem with unencrypted data is that, as it passes through each of these points, it is in plain text, which means anyone could potentially read it.
SSL has traditionally been used on larger websites and e-commerce stores where people care more about their information being kept safely and away from potential threats.
For a long time, SSL was out of reach for the little guy or hobby blogger as the cost involved with acquiring an SSL certificate was quite high.
Now that the Let’s Encrypt service has been launched and is completely free, it’s highly recommended that webmasters start enabling SSL on their websites, big or small.
Once HTTP/2 becomes more mainstream, you will in practice need SSL enabled on your site if you want to adopt it. While encryption is not a strict requirement of HTTP/2 itself, browsers like Firefox have already stated they will not support unencrypted HTTP/2 connections.
WordPress SSL on an Nginx server
While setting up SSL on this website, I documented the whole process step by step so that you can do the same on your blog.
As I mentioned in the video, Let’s Encrypt is still very new and, specifically on Nginx, not 100% supported just yet, even though it’s quite easy to get working.
Here is the video. See below for the commands that I ran and the configs I used, for copying and pasting into your own terminal window.
WordPress SSL Nginx Commands and Configs
Use this command to clone the project to your server
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
Now to generate the certificate
    ./letsencrypt-auto certonly -a standalone -d mattgeri.com -d www.mattgeri.com
Lastly, the Nginx server domain config
    # Listen for HTTPS on IPv4 and IPv6
    # (the spdy parameter was replaced by http2 in nginx 1.9.5)
    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;

    # Certificate chain and private key issued by Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/mattgeri.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mattgeri.com/privkey.pem;

    # Session resumption
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;

    # Protocols and cipher suites (TLS 1.1 has since been deprecated by RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;

    # HSTS: browsers remember to use HTTPS only, for about six months
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/mattgeri.com/chain.pem;

    # DNS resolver used to look up the OCSP responder
    resolver 184.108.40.206 220.127.116.11 valid=86400;
    resolver_timeout 10;
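To check a server block against the settings in the config above, here is an added example (not from the original post or the Let's Encrypt project) that lints config text for the certificate paths, protocol list, HSTS header and OCSP stapling prerequisites. The function names, the example.com paths and the 192.0.2.53 resolver address are assumptions made for illustration.

```shell
# Added example, not from the original post. Sample configs are constructed.

# Print the arguments of the first "NAME args;" directive in config text $1.
directive() {
    printf '%s\n' "$1" | sed 's/#.*//' | tr '\n' ' ' | tr ';' '\n' |
        sed -n -e 's/[[:space:]]*$//' \
               -e "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" | head -n 1
}

# Print one finding per line; print nothing when every check passes.
audit_tls_config() {
    cfg=$1
    for d in ssl_certificate ssl_certificate_key; do
        [ -n "$(directive "$cfg" "$d")" ] || echo "missing $d"
    done
    protos=$(directive "$cfg" ssl_protocols)
    [ -n "$protos" ] || echo "ssl_protocols not set"
    # SSLv2/SSLv3 are obsolete; TLS 1.0 and 1.1 were deprecated by RFC 8996.
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "deprecated protocol: $p" ;;
        esac
    done
    printf '%s\n' "$cfg" | sed 's/#.*//' |
        grep -q 'add_header[[:space:]]*Strict-Transport-Security' ||
        echo "no Strict-Transport-Security header"
    if [ "$(directive "$cfg" ssl_stapling)" = on ]; then
        # nginx needs a resolver to look up the OCSP responder hostname.
        [ -n "$(directive "$cfg" resolver)" ] || echo "stapling without resolver"
        if [ "$(directive "$cfg" ssl_stapling_verify)" = on ] &&
           [ -z "$(directive "$cfg" ssl_trusted_certificate)" ]; then
            echo "ssl_stapling_verify without ssl_trusted_certificate"
        fi
    fi
}

# Constructed sample: the post's settings, ssl_ciphers omitted, example.com paths.
POST_CFG='listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on; ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
resolver 192.0.2.53 valid=86400;'
# Constructed sample: a weaker config that is missing several of those settings.
WEAK_CFG='listen 443 ssl; ssl_certificate /etc/ssl/example.pem;
ssl_protocols SSLv3 TLSv1.2; ssl_stapling on; ssl_stapling_verify on;'
audit_tls_config "$WEAK_CFG"
```

To lint a real file, pass its contents to the function, for example audit_tls_config "$(cat your-site.conf)", where your-site.conf is a placeholder for your own server config.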
Renew your Let’s Encrypt Nginx Certificate
To renew your SSL certificate, simply stop your server, run the command below and then start it again.
    # Stop your server (Ubuntu specific)
    sudo service nginx stop
    # Renew certificate
    ./letsencrypt-auto renew
    # Start service
    sudo service nginx start