...
Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to the My Sites > Network Admin > Sites.
...
Configure SSL certificates with Let’s Encrypt
To configure SSL certificates with Let’s Encrypt, first:
Install the EPEL repository and the mod_ssl package for better-updated packages and security.
| Code Block |
|---|
sudo dnf install epel-release mod_ssl -y
DigitalOcean Agent 128 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 55 kB/s | 3.3 kB 00:00
Package epel-release-8-15.el8.noarch is already installed.
Dependencies resolved.
=======================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 136 k
Transaction Summary
=======================================================================================================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 957 kB/s | 136 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------
Total 706 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Installed:
mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
Complete! |
Next, install the certbot package as follows:
| Code Block |
|---|
[mtb@sierra updraft]$ sudo dnf install python3-certbot-nginx -y
Last metadata expiration check: 0:01:00 ago on Thu 16 Jun 2022 09:48:43 PM UTC.
Package python3-certbot-nginx-1.22.0-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete! |
Once installed, run the following command to start the creation of your certificate:
| Code Block |
|---|
[mtb@sierra updraft]$ sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email mtb@costaflores.com -d moss.law
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for moss.law
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/moss.law/fullchain.pem
Key is saved at: /etc/letsencrypt/live/moss.law/privkey.pem
This certificate expires on 2022-09-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for moss.law to /etc/nginx/conf.d/moss.law.conf
Congratulations! You have successfully enabled HTTPS on https://moss.law
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
Now the site should respond to HTTPS connections with the new certificate!
...
Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.
| Code Block |
|---|
sudo certbot renew --dry-run |
Next install the cronjob (crontab -e):
| Code Block |
|---|
00 00 */1 * * /usr/sbin/certbot-auto renew |