1. Login to your OpenLightSpeed webadmin Ex: domain.com:7080
2. Go to Listeners page
3. Edit the SSL listener with port 443
4. Navigate to SSL tab
5. Update private key file and certificate file paths as below

/var/www/html/keys/private.pem
/var/www/html/keys/certificate.crt

6. Click SAVE and do a Graceful Restart once.

The post How to install SSL for OpenLightSpeed server – WordPress appeared first on WP Encryption.

1. Login to your WHM panel via 2087 port. Ex: https://domain.com:2087
2. On WHM homepage, click “SSL/TLS” option
3. On “SSL/TLS” page, please click on “Install an SSL certificate on a Domain” option.
4. Please enter your domain name and copy/paste the downloaded cert, key & ca bundle file contents into appropriate fields.
5. Click “Install” to complete the process.

Your HTTPs site should be perfectly working now!

The post How to install SSL certificate for WordPress on WHM panel appeared first on WP Encryption.

1. Login to your SSH console

If you have Nginx server running on cloud platforms like AWS or Digital Ocean, you might be able to login via SSH using Launch Console option. Otherwise, you can login using SSH key file or password via terminal.

2. Upload SSL certificates to secure folder and merge certs

Download crt, key & ca bundle files via WP Encryption plugin interface, rename them as certificate.crt, private.pem, cabundle.crt accordingly for easier identification and upload them onto a secure folder of your choice. Let’s assume you uploaded them to /etc/ssl/ directory.

cd /etc/ssl/ and merge certificate.crt and cabundle.crt files using below SSH command

cat certificate.crt cabundle.crt >> cert.crt

3. Update Nginx virtual host with correct SSL paths

cd /etc/nginx/sites-enabled/ directory and modify the default file using nano editor. If you don’t find any file here, copy the default file from /etc/nginx/sites-available/ to /etc/nginx/sites-enabled/ using cp command.

Now you need to find lines similar to below:

server {

    listen 443 ssl;    
    
    ssl_certificate        /etc/ssl/certificate.crt; 
    ssl_certificate_key    /etc/ssl/private.key;

ssl_certificate and ssl_certificate_key are the only 2 lines we need to update here. Update these 2 lines with correct paths of merged cert file and key file,

ssl_certificate /etc/ssl/cert.crt;
ssl_certificate_key /etc/ssl/private.pem

Finally, save the config changes.

4. Restart Nginx server for SSL changes to take effect

Nginx server can be restarted using below SSH command

sudo service nginx restart

Once after successful restart, your HTTPs site should be working perfectly!.

The post How to install SSL for WordPress on Nginx server appeared first on WP Encryption.

1. Login to your SSH console

If you have Apache server running on cloud platforms like AWS or Digital Ocean, you might be able to login via SSH using Launch Console option. Otherwise, you can login using SSH key file or password via terminal.

2. Determine your Apache server version

If you are sure about having httpd or apache2 server, please proceed to next step.

Running the below SSH commands will help you identify whether you have httpd or apache2 server.

sudo systemctl is-enabled httpd

sudo systemctl is-enabled apache2

One of these will respond with enabled. Please follow below steps based on which server type is enabled.

3. Install SSL for Apache httpd server

Please run the below SSH command to install SSL module if not already installed:

sudo yum update -y

sudo yum install -y mod_ssl

If you have Linux 2, please run below command instead of above one

sudo yum install -y mod24_ssl

3a. Modify httpd config file with correct SSL paths

Now it’s time to correct the SSL cert, key and ca bundle paths in default config file. CD into /etc/httpd/conf.d/ and edit ssl.conf file

cd /etc/httpd/conf.d/

sudo nano ssl.conf

You need to look for SSLCertificateFile, SSLCertificateKeyFile & SSLCACertificateFile lines. Assuming your site is hosted / stored in /var/www/ directory and SSL certificates generated with WP Encryption WordPress plugin stored in keys directory, modify the 3 lines to look like this:

SSLCertificateFile /var/www/keys/certificate.crt
SSLCertificateKeyFile /var/www/keys/private.pem
SSLCACertificateFile /var/www/wp-content/plugins/wp-letsencrypt-ssl/cabundle/ca.crt

Save the file by pressing CTRL+O and exit editor with CTRL+X. CMD+O and CMD+X on Mac Terminal.

3b. Restart httpd server for SSL changes to take effect

Now we are done with the server config changes, it’s time to restart apache httpd server once for changes to take effect. Please run the below SSH commands to do so:

sudo systemctl restart httpd

OR

sudo service httpd restart

Your HTTPS site should be working perfectly now!.

4. Install SSL for Apache2 server

Enable SSL module using below command if not already enabled

sudo a2enmod ssl

cd /etc/apache2/ and check if sites-available & sites-enabled directory exists. if exists – cd into sites-available and you should find a config file like default-ssl.conf. Using the default file name, Please run the below command to enable it and then modify this file,

sudo a2ensite default-ssl.conf
sudo nano default-ssl.conf

If you don’t find sites-available & sites-enabled directory, You should probably modify apache2.conf file.

You need to look for SSLCertificateFile, SSLCertificateKeyFile & SSLCACertificateFile lines. Assuming your site is hosted / stored in /var/www/html/ directory and SSL certificates generated with WP Encryption WordPress plugin stored in keys directory, modify the 3 lines to look like this:

SSLCertificateFile /var/www/html/keys/certificate.crt
SSLCertificateKeyFile /var/www/html/keys/private.pem
SSLCACertificateFile /var/www/html/wp-content/plugins/wp-letsencrypt-ssl-pro/cabundle/ca.crt

Save the file by pressing CTRL+O and exit editor with CTRL+X. CMD+O and CMD+X on Mac Terminal.

4a. Restart Apache2 server for SSL changes to take effect

Now we are done with the server config changes, it’s time to restart apache2 server once for changes to take effect. Please run the below SSH commands to do so:

sudo systemctl restart apache2

OR

sudo service apache2 restart

Your HTTPS site should be working perfectly now!.

The post How to install SSL for WordPress on Apache server appeared first on WP Encryption.

In this tutorial, We will be installing free SSL certificate provided by Let’s Encrypt® (open certificate authority) , you are free to use SSL certificate from any certificate authority unless you have SSL certificate for each of mapped domain name.

Technical Requirements:

• Linux server
• Apache
• SSH / Command line access with root privileges
• Your server should have SNI support (Server Name Indication)

1. Generate SSL certificate for each mapped domain of multisite network

First of all, you will need SSL certificates generated for each of domain you have mapped. We have a very handy WordPress plugin to make this SSL generate job very easier “WP Encryption“. Buying an SSL certificate for each domain of your network would cost several $$$ each year, if you have large ecommerce sites or membership portals in your multisite network – We would highly recommend purchasing premium standard SSL certificates from one of premium SSL providers out there.

On the other hand, you could make use of free SSL certificates provided by Let’s Encrypt® using WP Encryption plugin as a mechanism to generate and auto renew SSL certificates easily in one click without any need of technical knowledge. Support for mapped domains is offered in “WP Encryption Pro” version (You might need 3 sites / 50 sites license based on number of sites you have). It’s an one time upgrade and lifetime SSL solution.

Upload the WP Encryption Pro plugin via your network -> plugins. Activate the plugin in each individual site (instead of network activation) and enter your license key to activate the premium features. WP Encryption Pro will auto detect your main site & sub-sites and generate SSL certificate accordingly. You will need to open WP Encryption page in your WP-Admin of each site, enter your email address and click on Generate SSL Certificate button.

You will notice a message in response log of WP Encryption saying Certificate for ‘yourdomain.com’ saved. Required SSL certificate files certificate.crt and private.pem will be generated & stored in keys/ folder inside your WordPress directory (in case of main site). For sub sites, it will auto create a separate folder (keys/domain2.com/) inside keys/ folder and store the certificate.crt and private.pem inside it.

2. Install SSL for main site of your multisite network

First, We will go through the process of modifying the apache config file of your server to enable SSL for main site. Note that this config modifications are just one time process & you don’t need to do it again in future. The required certificate.crt and private.pem files for this main site will be stored directly inside keys/ folder as stated above.

Connect via SSH / Command line and navigate to /etc/apache2/sites-enabled/ using below SSH command

cd /etc/apache2/sites-enabled

Run ls -la to see list of files inside this directory. You should notice a file similar to default-ssl.conf, ssl.conf, etc., We will need to modify this config file to set correct SSL paths. Please run the below command to start the editor:

sudo nano default-ssl.conf

Enter root password if prompted. You should notice a <VirtualHost></VirtualHost> config block similar to below one

<VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName example.com
                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   SSLCertificateFile directive is needed.
               SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
               SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
              
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
</VirtualHost>

You might find the above VirtualHost block much more bigger & it doesn’t need to be same as above. Out of the above block, you only need to focus on 4 lines i.e., ServerName, DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile. Modify these 4 lines based on below instructions:

• ServerName yourdomain.com
• DocumentRoot should point to your WordPress directory, this will be /var/www/html most of the time on an apache server.
• SSLCertificateFile should point to certificate.crt file inside keys dir Ex: /var/www/html/keys/certificate.crt
• SSLCertificateKeyFile should point to private.pem file inside keys dir Ex: /var/www/html/keys/private.pem

Once after you correct these 4 lines, press CTRL + O to save the changes, CTRL + X to exit file editor and restart apache server once using below command

sudo service apache2 restart

Now open your main site with https:// protocol and you should see Let’s Encrypt valid certificate while clicking on padlock in browser address bar which means you have perfectly configured SSL for your main site.

3. Install SSL for sub sites / mapped domains

This process will be very similar to above changes except minor differences. CD into /etc/apache2/sites-enabled and sudo nano default-ssl.conf again.

Now you will need to replicate the <VirtualHost></VirtualHost> block one below another for each mapped domain and correct the 4 lines as stated above. The only difference is the SSL certificate & key paths will be inside sub-directory inside keys/ folder. An example replication for mapped domain2.com would look like below:

<VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
       ServerName maindomain.com
       DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   SSLCertificateFile directive is needed.
       SSLCertificateFile      /var/www/html/keys/certificate.crt
       SSLCertificateKeyFile /var/www/html/keys/private.pem
              
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
</VirtualHost>

<VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
      ServerName domain2.com
      DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   SSLCertificateFile directive is needed.
      SSLCertificateFile    /var/www/html/keys/domain2.com/certificate.crt
      SSLCertificateKeyFile /var/www/html/keys/domain2.com/private.pem
              
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
</VirtualHost>

Finally, You are all set with the config changes and just need to restart server once for config changes to take effect.

sudo service apache2 restart

Now make sure a valid certificate exists for all your mapped domains by accessing the https:// version of them. Once after everything looks perfect, You can change site & admin url of all mapped domains to https:// protocol and enable “Force HTTPS” feature of WP Encryption if you notice any mixed content warnings in browser console.

We tried to be as transparent as possible so please excuse for a lengthy explanation.

The post Easy Install SSL for WordPress Multisite Mapped Domains appeared first on WP Encryption.

Technical Requirements:

• Bitnami WordPress
• SSH / Command line access with root privileges

1. Generate free SSL certificate provided by Let’s Encrypt®

To keep this very simple, We will make use of a WordPress plugin “WP Encryption” to generate free SSL certificate in one click.

All you need to do is just install & activate the plugin on your WordPress Admin, navigate to WP Encryption page, enter your email address and click on Generate SSL Certificate button.

This process will request and retrieve free SSL certificate from Let’s Encrypt authority for your domain. SSL certificates provided by Let’s Encrypt authority will expire in 90 days and you will need to re-generate new certificates again using the same process before the expiry date. SSL certificates cost you several $$$ a year, You could upgrade to “WP Encryption Pro” to avail auto renew feature and lifetime SSL mechanism. The required certificate.crt and private.pem files will be generated and stored in keys/ folder inside your WordPress directory.

2. Configure Bitnami to use SSL certificates by Let’s Encrypt®

Assuming you are on a default setup of Bitnami / AWS Lightsail WordPress, You will need to configure the server config file to use SSL certificate and key from correct path. This is an one time process and you don’t ever need to do it again.

Solution 1

Create a symbolic link from existing / current SSL certificate to new SSL certificates generated & stored by WP Encryption plugin. You can do so by connecting via SSH / Command line to your server and run the below SSH commands,

For Latest Bitnami:

If you are using latest bitnami instance where your WordPress site files are located in /opt/bitnami/wordpress/ folder,

cd /opt/bitnami/apache/conf/bitnami/certs

sudo ln -sf /opt/bitnami/wordpress/keys/certificate.crt server.crt

sudo ln -sf /opt/bitnami/wordpress/keys/private.pem server.key

sudo /opt/bitnami/ctlscript.sh restart apache

For Older Bitnami:

If you are using older bitnami instance where your WordPress site files are located in /opt/bitnami/apps/wordpress/htdocs/ folder, please use below commands instead of above,

cd /opt/bitnami/apache2/conf

sudo ln -sf /opt/bitnami/apps/wordpress/htdocs/keys/certificate.crt server.crt

sudo ln -sf /opt/bitnami/apps/wordpress/htdocs/keys/private.pem server.key

sudo /opt/bitnami/ctlscript.sh restart apache

Finally, Open your site with https:// protocol and check if valid certificate exists as below. If so, you are all set so please skip solution 2.

Solution 2

If the above symlink method fail, We will need to modify WordPress hosts config to use SSL certificates from correct path. Please login via SSH / Command line and follow the below procedure:

Latest Bitnami:

cd /opt/bitnami/apache2/conf/vhosts/

sudo nano wordpress-https-vhost.conf

Older Bitnami:

cd /opt/bitnami/apps/wordpress/conf/

sudo nano httpd-vhosts.conf

You will find a VirtualHost block similar to below

<VirtualHost *:443>
    ServerName yourserverdomain.com
    ServerAlias *.yourserverdomain.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

    SSLEngine on

  SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.key"

    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

All you need to modify here are the SSLCertificateFile and SSLCertificateKeyFile lines as below

Latest Bitnami:

SSLCertificateFile "/opt/bitnami/wordpress/keys/certificate.crt"

SSLCertificateKeyFile "/opt/bitnami/wordpress/keys/private.pem"

Older Bitnami:

SSLCertificateFile "/opt/bitnami/apps/wordpress/htdocs/keys/certificate.crt"

SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/htdocs/keys/private.pem"

After making these changes, press CTRL + O to save the changes and CTRL + X to exit the file editor. Now We will need to include this httpd-vhosts config file in main config file of Bitnami, please run below commands

NOTE: Skip to restart command below if you are on Latest Bitnami server.

cd /opt/bitnami/apache2/conf/bitnami/

sudo nano bitnami-apps-vhosts.conf

This will open Bitnami vhosts file editor, at the very bottom of the file add the below line in a new line

Include "/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf"

After making these changes, press CTRL + O to save the changes and CTRL + X to exit the file editor. Lastly, restart Bitnami for changes to take effect using below command

sudo /opt/bitnami/ctlscript.sh restart

Either one of the above two solutions would definitely succeed with the SSL setup for your Bitnami WordPress. Once after you see a valid SSL certificate accessing the https:// version of your site, please change the site & admin url to https:// via Settings -> General of WP-Admin and also enable “Force HTTPS” feature of WP Encryption plugin interface if you notice any mixed content warning in browser console.

3. Resolving Intermediate Cert (CA) issue in Bitnami WordPress

Facebook share debugger and SSLLabs might show your SSL intermediate certificate is missing. Please follow the below commands to resolve the issue:

Latest Bitnami:

cd /opt/bitnami/apache2/conf/bitnami
sudo nano bitnami-ssl.conf

Older Bitnami:

cd /opt/bitnami/apache2/conf/bitnami
sudo nano bitnami.conf

Add below line just after SSLCertificateKeyFile line

Latest Bitnami:

SSLCACertificateFile "/opt/bitnami/wordpress/keys/cabundle.crt"

Older Bitnami:

SSLCACertificateFile "/opt/bitnami/apps/wordpress/htdocs/keys/cabundle.crt"

After making these changes, press CTRL + O to save the changes and CTRL + X to exit the file editor. Lastly, restart Bitnami Apache for changes to take effect using below command

sudo /opt/bitnami/ctlscript.sh restart apache

The post How to Install SSL for AWS Lightsail Bitnami WordPress appeared first on WP Encryption.