Tech Monger

Programming, Web Development and Computer Science.

Skip to main content| Skip to information by topic

Lets Encrypt Wordpress on Google Cloud

In this tutorial we will enable https on wordpress site. We will install letsencrypt ssl certificate using EFF's Certbot client. We will perform installation on wordpress vm hosted on google cloud. However you can follow the same steps for your self hosted wordpress setup.

Steps to Install Let's Encrypt's Free SSL Certificates on Wordpress

  1. Prerequisites
  2. Before proceeding with ssl certificate installation we will assume that you have working wordpress site and accessible via domain name. It is also assumed that you can ssh wordpress server either via browser or via local machine.

  3. Enable HTTPS for Wordpress VM
  4. Open Google Cloud Console and Edit Compute Engine Instance to enable HTTPS traffic. This will open HTTPS port 443 to cater HTTPS requests.

    Open Port 443 by Enabling HTTPS on Compute Engine Instance
    Enable HTTPS - Wordpress Google Cloud

  5. Test SSH Connection
  6. In order to access vm hosting wordpress via terminal you should either open vm terminal in google cloud console or can configure key based ssh connection to login from local machine as described earlier.

    techmonger@ubuntu:~$ ssh
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.

  7. Backup Configuration Files
  8. During certificate installation apache's configuration file will get overwritten by certbot. We should backup apache configuration files present inside /etc/apache2 and wordpress .htaccess file present inside /var/www/html/ (if you have one). We can restore configuration if something breaks during certificate installation.

    $ mkdir /tmp/apache_config_backup/
    $ cp -r /etc/apache2/* /tmp/apache_config_backup/
    $ cp /var/www/html/.htaccess /tmp/

  9. Install Certbot Client
  10. To install certbot client read instructions at for your webserver and operating system. We are using Wordpress VM at google cloud which come up with Linux (Debian) OS and Apache webserver. With following command we will install certbot.

    $ sudo apt-get install python-certbot-apache -t stretch-backports

  11. Install Certificates with Certbot
  12. Certificates installation process will be same for the wordpress setup as that of static website on google cloud. We will go through it again.

    1. Initiate Certificate Installation Program

      $ sudo certbot --authenticator webroot --installer apache
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Plugins selected: Authenticator webroot, Installer apache
    2. Provide valid Email Address

      Enter email address (used for urgent renewal and security notices)
      (Enter 'c' to cancel):
    3. Accept (A) Let's Encrypt Terms and Conditions

      Please read the Terms of Service at
      You must agree in order to register with the ACME server at
      (A)gree/(C)ancel: A
    4. Option to Share Email with EFF. Select (Y/N) depending on your preferences.

      Would you be willing to share your email address with the
      Electronic Frontier Foundation, a founding partner of the
      Let's Encrypt project and the non-profit organization that
      develops Certbot? We'd like to send you email about our work
      encrypting the web, EFF news, campaigns, and ways to
      support digital freedom.
      (Y)es/(N)o: Y
    5. Domain name to install certificate for. (

      No names were found in your configuration files.
      Please enter in your domain name(s) (comma and/or space separated)
      (Enter 'c' to cancel):
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for
    6. Web Server root where website content is stored and accessible.(/var/www/html)

      Input the webroot for
      (Enter 'c' to cancel): /var/www/html
      Waiting for verification...
      Cleaning up challenges
      Created an SSL vhost at
      Enabled Apache socache_shmcb module
      Enabled Apache ssl module
      Deploying Certificate to VirtualHost
      Enabling available site:
    7. Option To configure HTTP to HTTPS redirect. Select 1 or 2 depending on whether or not you want to configure redirect.

      Please choose whether or not to redirect HTTP traffic to HTTPS,
      removing HTTP access.
      1: No redirect - Make no further changes to the webserver configuration.
      2: Redirect - Make all requests redirect to secure HTTPS access.
      Choose this for new sites, or if you're confident your site works on HTTPS
      You can undo this change by editing your web server's configuration.
      Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
      Enabled Apache rewrite module
      Redirecting vhost in
      /etc/apache2/sites-enabled/000-default.conf to ssl vhost in
    8. Message for Successful Configuration

      Congratulations! You have successfully enabled https:/
      You should test your configuration at:
    9. Details about certificate files

       - Congratulations! Your certificate and chain have been saved at:
         Your key file has been saved at:
         Your cert will expire on 2018-09-10. To obtain a new or tweaked
         version of this certificate in the future, simply run certbot again
         with the "certonly" option. To non-interactively renew *all* of
         your certificates, run "certbot renew"
       - Your account credentials have been saved in your Certbot
         configuration directory at /etc/letsencrypt. You should make a
         secure backup of this folder now. This configuration directory will
         also contain certificates and private keys obtained by Certbot so
         making regular backups of this folder is ideal.
       - If you like Certbot, please consider supporting our work by:
         Donating to ISRG / Let's Encrypt:
         Donating to EFF:

  13. Change Wordpress Address and Site Address
  14. Login wordpress and move to settings. Change WordPress Address (URL) and Site Address (URL) to https version of the site.. it might give you an error for the ssl certficate security exception. Confirm security exception to make changes.

    Wordpres Address Settings
    HTTPS Address for the Wordpress

  15. Test HTTPS Connection
  16. You can check HTTPS connection of your wordpress website in browser. If you are facing issues while connecting with HTTPS then learn about configuration changes made by certbot to tweak them or restore old configuration back.

  17. Auto Renewal of Certificates
  18. SSL certificates provided by let'sencrypt would expire after 90 days of installation. Certbot will create cronjob to autonew certificates inside /etc/cron.d/certbot. Learn how certbot's auto renewal script is setup as cron.

Tagged Under : Certbot Google Cloud Lets Encrypt Linux Open Source Web Wordpress