How to Install SSL on AWS EC2 WordPress Site

Question

I've created and launched my WordPress site on AWS using EC2. I followed this tutorial to create the site. Its currently mapped to a domain using Route 53. All development on the site is done online in my instance.

I would now like to install an SSL Certificate on my site. How would I do so?

Answer 1

This is how I enabled SSL on my WordPress website.

I have used the Lets Encyprpt X.509 Certificates. Lets Encrypt is a certificate authority that provides x.509 Certificates in an automated fashion for free. You can find more information about lets encrypt [here][2]

Steps to follow:

1. SSH into the instance and switch to root.

2. Download Certbot

   wget https://dl.eff.org/certbot-auto

   Chmod a+x certbot-auto

3. Run certbot to fetch the certificates

   sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d "your-domain-name"

4. A wizard would be launched asking you select options for Apache, WebRoot, and Standalone. Select the WebRoot option and continue.Note the directory of your domain

5. Usually /var/www/html will be your directory for your domain. After success you will have three certificates in the following paths

   Certificate: /etc/letsencrypt/live/<<<"Domain-Name">>>/cert.pem

   Full Chain: /etc/letsencrypt/live/<<<"Domain-Name">>>/fullchain.pem

   Private Key: /etc/letsencrypt/live/<<<"Domain-Name">>>/privkey.pem

6. Copy the pem file paths to /etc/httpd/conf.d/ssl.conf. Then restart the apache

   Service httpd restart

And Finally, I have enabled the Really Simple SSL Plugin in wordpress. Thats it!

Answer 2

If you created WordPress on AWS using "Bitnami", you may ssh to your instance and run:

sudo /opt/bitnami/bncert-tool

See bitnami docs for details

Answer 3

This tutorial provides a simple 3 step guide to setting up your Wordpress on AWS using LetsEncrypt / Certbot:

https://blog.brainycheetah.com/index.php/2018/11/02/wordpress-switching-to-https-ssl-hosted-on-aws/

Step 1: Get SSl certificate Step 2: Configure redirects Step 3: Update firewall

At each stage replace 'example.com' with your own site address.

Install certbot:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Create certificates:

$ sudo certbot --apache -m admin@example.com -d example.com -d www.example.com

To configure redirects, first open the wp-config file:

$ sudo vim /var/www/html/example.com/wp-config.php

Insert the following above the "stop editing" comment line:

// HTTPS configuration
define('WP_HOME','https://example.com');
define('WP_SITEURL','https://example.com');
define('FORCE_SSL_ADMIN', true);

And finally, update firewall via the AWS console:

1. Login to your AWS control panel for your EC2 / Lightsail instance
2. Select the Networking tab Within the Firewall section, just below the table
3. Select Add another
4. Custom and TCP should be pre-populated within the first two fields by default, leave these as they are
5. Within the Port range field enter 443 Select Save

Then just reload your apache config:

sudo service apache2 reload

And you should be good to go.

Answer 4

If you're looking for easy and free solution, try https://letsencrypt.org/. They have a easy to follow doc for anyone.

TLDR; Head to https://certbot.eff.org/, choose your OS and server type and they will give you 4-5 line installation to install certificate automatically.

Before attempting, make sure your domain name is correctly pointed to your EC2 using Route53 or Elastic IP.

For example, here's all you need to run to automatically get and install SSL on a Ubuntu EC2 running nginx

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Best of luck!

Answer 5

According to the Tutorial, since you have configured only an EC2 instance, direct approach is to purchase a SSL certificate and install it into apache server. For detailed steps follow the tutorial HOW TO ADD SSL AND HTTPS IN WORDPRESS How to Add SSL and HTTPS in WordPress.

If you plan to use AWS Certificate Manager issued free SSL certificates, then it requires either to configure a Elastic Load Balancer or the CDN CloudFront. This can get complicated if you are new to AWS. If you plan to give it a try with AWS Cloudfront, follow the steps in How To Use Your Own Secure Domain with CloudFront.

Using Cloudfront also provides a boost in performance since it caches your content and reduces the load from your EC2 instance. However one of the challenges you will face is to avoid mixcontent issues. There are WordPress plugins that are capable of resolving mixcontent issues, so do try them out.