Enable HTTPS Encryption in 9 Steps

10/10/2017 Obtain a TLS/SSL Certificate and Enable HTTPS Encryption Tania Rascia
Tania Rascia

Tutorials Snippets Tania Portfolio Thoughts
Obtain a TLS/SSL Certi cate and Enable HTTPS

Encryption
January 28, 2016 / 6 responses
This article begins with the assumption that youre not looking for an in-depth explanation of what
HTTPS is, how encryption works, the difference between TLS and SSL, or why you should or
shouldnt obtain a certi cate. There are plenty of articles about that. No, you just want the fancy
green padlock in front of your URL, I hear you.
This is not the only way to enable https on your website. There are a lot of use cases for encryption,
and I only know what Ive done. Lets Encrypt is an alternative method thats free, but still in beta, so
that might be an option for you. Otherwise, read on.
Does This Article Pertain To You?
Youre an individual, not a company

You have a personal website or blog
Your website has a domain name
Your website is running on Apache
Youre not selling stuff
You can spend 9 dollars
What Youll Need
9 dollars
SSH access to your server
https://www.taniarascia.com/https-ssl-tls-certificate-how-to/ 1/10
Con
Tania rmation that your host supports TLS
Rascia
HTTPS
Steps to
Generate a CSR on your server

Obtain an SSL Certi cate
Install certi cate on your server
WordPress?
Ill supply some additional information at the end about making sure HTTPS works properly with
WordPress.
I cant guarantee that this will work for you, or youll that be approved for a certi cate,
but it seems to be a common method that works for most people.
Generate a CSR on Your Server
A CSR is a Certi cate Signing Request. You need to generate one on your server. This is done with
an Open SSL command, which should be available by default from Apache.
SSH into the server, migrate to somewhere that isnt a public directory, and paste the following code,
changing YOURDOMAIN.COM to your domain.
openssl req -new -newkey rsa:2048 -nodes -keyout YOURDOMAIN.COM.key -out YOURDOMAIN
The server will ask you to ll in the following elds:
Common Name (the domain name)

Country (two letter code)
State (spelled out fully)
City
Organization
Organizational Unit (Department)
E-mail
Tania Rasciaaddress

For Organization
and Organizational type NA.
Unit, you should
When youve nished, there should be a .csr and .key .
Search
Obtain an SSL Certi cate
SSL or TLS?
If you want to read more about the differences between TLS and SSL, you may do so here or here.
To over simplify, SSL (Secure Sockets Layer) is the old and TLS (Transport Layer Security) is the
new, but its often still referred to as an SSL certi cate. Here is a website to test your SSL
con guration, which will show you which TLS or SSL youre con gured with, and how all browsers
are responding (sadly, you will lose IE6 support).
Look how well I did!
Pricing
Certi cates can vary from free to $5 to hundreds of dollars and more per year, depending on what
type you get and where you shop. You can get a certi cate from Comodo or Geotrust or
NameCheap or GoDaddy or any number of providers.
PositiveSSL
Tania Rasciaprovided by NameCheap is a popular and inexpensive choice with good
documentation. However, there are plenty of other choices.

Obtain Certi cate
Any party you get your certi cate from will require you to purchase, then validate and approve it.
This will probably be done through email validation, in which theyll send an e-mail to
you@YOURDOMAIN.COM, HTTP, in which you upload a le to your public directory, or DNS based, in
which youll be asked to point a CNAME.
Once validation is complete, you will have your SSL certi cate, which you can download.
A certi cate will only be valid for one year, at which point youll have to renew it.
Install Certi cate on Your Server
The nal step will be to install the certi cate on your server. If youre using shared hosting or
managed hosting, you will need to provide your host with the certi cate so that they can install it for
you.
If not, you can follow this nice guide by Digital Ocean.
You will need to modify your Virtual Host to be listening on port 443 (HTTPS) instead of port 80
(HTTP), specify your SSL key and certi cate les, enable SSL, and restart the server.
Whether your set it up yourself or your host did it for you, going to https://yourdomain.com should
work, except it might throw mixed content warnings youll have to make sure any le being
served from your site is from a https URL.
Once youre absolutely certain everything is working properly, you can point a 301 permanent
redirect from your HTTP address to the HTTPS address.
HTTPS and WordPress
There are a few things youll have to do before WordPress will work properly with HTTPS.
Clear Cache and Disable Caching Plugins

Tania Rascia
Before you begin attempting to serve content from https, make sure to clear the cache and disable

any caching plugins so that they dont keep serving the old les.
Replace Static Files in the Database

Better Search Replace is a reliable plugin that will allow you to replace any string with another
string. Of course, always remember to back up your database before doing anything. Replacing all
instances of http://yourdomain.com/wp-content/ with https://yourdomain.com/wp-content/ should
take care of all uploads and images.
Enable HTTPS
Place this in wp-con g.php.
$_SERVER['HTTPS'] = 'on';
Prevent Admin Panel Redirect Loop

This one will also go in wp-con g.php.
define('FORCE_SSL_ADMIN', true);
Change URL in Database

Either in admin panel settings or from phpMyAdmin or whatever MySQL method youre using,
update the two elds in wp_options to contain https.
Redirect HTTP to HTTPS

Force https on all les.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Conclusion
Hopefully
this article cleared up the process of enabling encryption on your website. It might seem
Tania Rascia
like unnecessary setup if youre not a company or collecting private information; however, if it costs

$9/year and a few hours to make the web just a little safer, to me its worth it.
Here is a Coding Horror article about web tra c encryption and the future of the web. If nothing
else, it will play a factor in your Google search ranking.
The Author
If you've found this article helpful or interesting and think others would bene t from reading it, please share!
Thank you for reading! I'm Tania Rascia, and I write no-
nonsense guides for designers and developers. If my content
has been valuable to you, please help me keep the site ad-
free and continuously updated with quality tutorials and
material by making a donation. Any amount helps and is
greatly appreciated! Otherwise, let me know any ideas you
have on a course you'd be eager to see.
Donate!
Write a response
Your email address will not be published.
Comment
Name
Tania Rascia

Email Tutorials Snippets Tania Portfolio Thoughts
Post Comment
Discussion
Kyle
August 30, 2016 at 1:05 am
Also SSL now is an SEO ranking factor because it instills con dence in users and increase their good
experience with the website. SSL is very necessary.
Reply
Havjo Anas
August 4, 2016 at 3:18 am
What are your thoughts about CloudFlares exible SSL?
Reply
templates.id
March 10, 2016 at 5:46 pm
I love your style explaining step by step tutorial. Cost of ssl nearly same as cost of domain, are there
any bene t to apply ssl to boost search rangking?
Reply
Rumen
February 17, 2016 at 12:29 am
I did the same using http://letsencrypt.org/ + their SSL certi cates are free
Reply
Tania Rascia
Tania
February 17, 2016 at 9:26 am

Tutorials
Yep, I did includeSnippets
a link to Lets Encrypt atTania
the top of the article.Portfolio Thoughts
This is just another method I
chose this method because I only have to renew once a year, instead of every 30 days.
Reply
Andy Storey
June 28, 2016 at 2:47 pm
If you have access to the command line on your host, you can setup a crontab job to renew every
30 days!
eg:
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
Tania's List
My tutorials, guides, and articles for web designers, developers, and autodidacts, sent out once a
month or so. No bullshit, ads, or tricks.
Email address
I'm Tania Rascia, a web designer/developer, autodidact, tech writer and problem solver. I love
hiking, karaoke, recording music, and building communities. Say hello!

Open source MIT.
My site is free and free of ads, clickbait, popups, guest posts, and sponsored content. Has this
site been valuable to you? Please consider donating so I can continue creating!
Donate!

Enable HTTPS Encryption in 9 Steps

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Enable HTTPS Encryption in 9 Steps

Enviado por

Direitos autorais:

Formatos disponíveis

10/10/2017 Obtain a TLS/SSL Certificate and Enable HTTPS Encryption Tania Rascia

Obtain a TLS/SSL Certi cate and Enable HTTPS

Does This Article Pertain To You?

Youre an individual, not a company

What Youll Need

Generate a CSR on your server

Generate a CSR on Your Server

The server will ask you to ll in the following elds:

Common Name (the domain name)

When youve nished, there should be a .csr and .key .

Look how well I did!

Obtain Certi cate

Install Certi cate on Your Server

If not, you can follow this nice guide by Digital Ocean.

HTTPS and WordPress

Clear Cache and Disable Caching Plugins

Replace Static Files in the Database

Prevent Admin Panel Redirect Loop

Change URL in Database

Redirect HTTP to HTTPS

What are your thoughts about CloudFlares exible SSL?

Você também pode gostar