One thing I’ve been looking at a lot recently with the WP Taxi Me Premium updates is the security of connections and servers, and serving pages over SSL. It’s set to be a big thing, what with Google now treating SSL as a ranking signal, but it is something that any serious webmaster should look to do. For a good overview of SSL, check out Tim Nash’s blog post on it. Read that, and then come back to me.
One thing I’ve tried to do is serve WordPress over SSL by setting it up manually, but in the end I ran out of patience with it and found a service that did most of the heavy lifting for me: ServerPilot.
I’ve been using ServerPilot for as long as I’ve been using Digital Ocean, and it’s great as far as I’m concerned: it gives me peace of mind as it keeps PHP up to date and sets up the firewall for me, so if you have a Digital Ocean site I’d recommend using it. Setting up SSL on WordPress using ServerPilot is quite easy, but does need a few steps. Here is our guide on how to get your WordPress site on Digital Ocean served over SSL:-
1. Log Into Your Digital Ocean Server
The first job is to obviously log into your Digital Ocean server. This needs to be done over SSH, which means opening up the command line. Don’t worry, it’s very straightforward. I use this guide by Mitchell Anicas on how to connect to your Digital Ocean via SSH whenever I forget.
2. Create an SSL Key & Certificate Signing Request
When you are logged in, you need to create a couple of files: a private key and a certificate signing request (CSR). These are easily created by running a few commands in the terminal. Be sure to replace YOUR_DOMAIN_NAME with your domain name:-
mkdir -p ~/certs/YOUR_DOMAIN_NAME
cd ~/certs/YOUR_DOMAIN_NAME
(umask 077 && touch YOUR_DOMAIN_NAME.key)
openssl req -new -newkey rsa:2048 -nodes -keyout YOUR_DOMAIN_NAME.key -out YOUR_DOMAIN_NAME.csr
What this does is:-
- Creates a directory on your server.
- Moves to that directory.
- Creates a new, empty file called YOUR_DOMAIN_NAME.key with restrictive permissions (umask 077 means only your user can read or write it).
- Generates a new 2048-bit RSA private key and a certificate signing request, and writes them to YOUR_DOMAIN_NAME.key and YOUR_DOMAIN_NAME.csr respectively.
Hit enter after all of these, and the following will display:-
Eventually, the server will ask you a few questions. These are optional, but make sure that you answer the following questions correctly:-
- The Common Name must be your domain name, without your domain name suffix.
- The Password (or Challenge Phrase) must be left blank.
What I do now is open up the files in the terminal (using the sudo nano [filename] command), and then copy and paste them into a text editor. In the end you’ll have two files that look like this.
Don’t worry, this isn’t my certificate for anything, but now onto the next step!
Incidentally: Be sure that you keep your private key private. You will have to get the certificate issued again should it not be (so basically repeat all steps again).
3. Buy Your Signed SSL Certificate
You now need to buy your signed SSL certificate. There are various types of SSL certificates, as covered in Tim’s post. On this site I use Namecheap’s SSL certificate (the cheapest one you can get), so the rest of the post will cover this.
Be warned: some issuers issue two certificates (for non-www and www) if you enter your domain name with the www. So if you enter a non-www domain name, you may need to buy two certificates (one for non-www and one for www). Check with your certificate issuer before buying.
4. Create Your Signed SSL Certificate
Once you have bought it, you need to create your signed SSL certificate. Within Namecheap click on “Activate Now” to activate your signed SSL certificate. Select what type of server you have, and then copy your .csr certificate (leaving out the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----) into the box provided and then click next.
You will then be prompted for the email address associated with your server. With Namecheap you can select only a set few email addresses (such as admin@), so make sure you can access one of these. Click next, fill in your contact details, and then you should receive an email. This email will be one of those emails to verify everything is correct, so when verified you should receive your certificates.
5. Add It To the SSL Tab in ServerPilot
When you receive your certificates, log into ServerPilot. Paste your SSL key and SSL certificate in the relevant boxes. Please note these do need the headers & footers present (so -----BEGIN PRIVATE KEY----- & -----END PRIVATE KEY-----, as well as -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----). You will also have to add your CA certificates (which should be clearly stated in your email) into the box, one after the other. This is so the site will be available over some browsers, mainly mobile browsers, that otherwise show a big warning that could really affect your conversion rate over mobile. So avoid it.
Congratulations, your site will be available over HTTPS. You will notice that you may have to correct insecure assets to make things work perfectly, but most reputable themes & plugins will allow you to load things over SSL straight away.
To test if your server is successfully serving over SSL feel free to use the SSL Server Test tool here.
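Before submitting the CSR in step 4 or pasting the key and certificate in step 5, it is worth confirming that the files actually belong together and that the key is readable only by you. The script below is an added example, not part of the original guide or of ServerPilot: the function names are made up for illustration, example.test is a placeholder domain, and a self-signed certificate stands in for the one your issuer would send back.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks on the key,
# CSR and issued certificate. All names below are illustrative.

# SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    pem= ;;
  esac
  [ -n "$pem" ] || return 1   # unreadable, passphrase-protected or wrong file type
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when FILE (a CSR or certificate) was made from the private key KEY.
matches_key() {  # usage: matches_key KEY csr|cert FILE
  k=$(pubkey_fp key "$1") && o=$(pubkey_fp "$2" "$3") && [ "$k" = "$o" ]
}

# True when group and other have no access to the key (what umask 077 gives).
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Subject of the CSR, to confirm the Common Name before submitting it.
csr_subject() {
  openssl req -in "$1" -noout -subject
}

# --- Demo on throwaway files (constructed sample input) ---
# Key and CSR are made as in step 2; the self-signed certificate stands in for
# the issued one; other.key is an unrelated key, as in a mix-up between sites.
demo=$(mktemp -d)
( cd "$demo" && umask 077 && touch example.test.key &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout example.test.key -out example.test.csr 2>/dev/null &&
  openssl x509 -req -in example.test.csr -signkey example.test.key \
    -days 1 -out example.test.crt 2>/dev/null &&
  openssl genrsa -out other.key 2048 2>/dev/null )

key_is_private "$demo/example.test.key" && echo "key permissions: ok"
matches_key "$demo/example.test.key" csr  "$demo/example.test.csr" && echo "CSR matches key"
matches_key "$demo/example.test.key" cert "$demo/example.test.crt" && echo "certificate matches key"
matches_key "$demo/other.key" cert "$demo/example.test.crt" || echo "other.key does NOT match certificate"
csr_subject "$demo/example.test.csr"
```

To check your own files, call the same functions with the paths under ~/certs/YOUR_DOMAIN_NAME and the certificate file from your issuer.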