Free SSL Certificate Setup for WordPress on Google Cloud (Click-to-Deploy)

1. Connect to WordPress via SSH 

Go to your Google Compute homepage and click the hamburger menu in the upper left-hand corner.

Go to your Compute Engine, then to VM instances to access your WordPress installation

Click the SSH button to connect to your website’s server.

2. Install CertBot Client

Now that you’ve connected to your website’s Apache server, you are going to execute the command to install the Certbot client. The Certbot client is used to issue the SSL certificates that will be used later on in this tutorial.

wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

After executing each of these commands, you can either stay in the same SSH window or exit and open a new one.

3. Generate Certificates

In this step you are going to execute the command below in order to tell the Certbot client to create SSL certificates for your website. Remember to replace 1pagezen.com with your own domain name.

./certbot-auto certonly --webroot -w /var/www/html/ -d 1pagezen.com -d www.1pagezen.com

After executing these commands, your certificates will be generated. Take note of the directory where your certificates are installed.

4. Configure the Certificates

The next step is to configure your certificates. First, execute the command below to open your default-ssl.conf file for editing.

sudo nano /etc/apache2/sites-available/default-ssl.conf

At the top of the default-ssl.conf file, paste the following lines of code in order to tell your server to direct network traffic to HTTPS port 443.

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

The next step is to use the down-arrow key to scroll down towards the bottom of the default-ssl.conf file. Place a # sign next to the existing snakeoilcertificates, and paste the path to your three SSL certificate files as shown in the command below, making sure to replace 1pagezen.com with your own domain name.

SSLCertificateFile "/etc/letsencrypt/live/1pagezen.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/1pagezen.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/1pagezen.com/chain.pem"

After adding this code, enter ctrl+o to save changes, followed by ctrl+x to exit back to your home screen.

5. Enable HTTPS Redirect

The next thing you will do is configure your Apache server to only serve the HTTPS version of your website. To do this, you will edit your wordpress.conf file, which you can access by executing the command below.

sudo nano /etc/apache2/sites-available/wordpress.conf

Inside of the wordpress.conf file, delete the existing 3 lines of code at the top of the file. Then, copy and paste the code below into the file - remembering to replace 1pagezen.com with your own domain name.

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ServerName www.1pagezen.com
ServerAlias 1pagezen.com
Redirect permanent / https://www.1pagezen.com/

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

After adding the code to your wordpress.conf file, enter ctrl+o to save your changes and ctrl+x to exit the wordpress.conf file.

6. Restart the Apache Server

In order for your certificate changes to take effect, you need to update/restart you Apache server by executing all three of the commands listed below.

sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart

7. Update WordPress URLs

In your browser, enter the URL (with https://) to your wp-admin dashboard.

From your WordPress dashboard, navigate to Settings > General, and replace your current domain name with the https:// version - with or without www.infront. Then, scroll to the bottom of the page and click the Save Changesbutton.

8. Configure SSL Auto-Renewal

Do you want your SSL certificates to renew automatically? In the following steps you will learn how to configure auto-renewal for your SSL certificates - so let's get started!

The first step in configuring auto-renewal is to use the mv command to move your certbot package into the letsencrypt directory.

sudo mv certbot-auto /etc/letsencrypt/

You can verify that your certbot-auto package has been moved successfully by executing the command ls /etc/letsencrypt/ and seeing if the certbot-auto package appears in that directory.

8.1   Edit Crontab File

Now that you've moved your certbot-Auto package to the /etc/letsencrypt/directory, the next step is to open your crontab file.

To open your crontab file, execute the following command:

sudo crontab -e

You can open your crontab file by executing the command sudo crontab -e.

8.2   Configure Auto-Renew Script

Now that you've opened your crontab file, the next step is to add a script at the bottom of the crontab file which will execute once per week and will automatically renew the SSL certificates if they are about to expire.

At the bottom of your crontab file, you will enter a script which will tell your server to check for certificate renewals once per week, and to automatically renew the certificates if they are about to expire. After adding the script, save the crontab file by pressing CTRL + X, then Y, then Enter.

45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart