How to Add SSL to an Existing WordPress Site in Nginx


We recently added SSL to one of our websites, wbxpress.com. The site is powered by WordPress and runs on the Nginx web server inside a Linode VPS.

We were in a dilemma over whether adding SSL would be beneficial or not, although wbxpress.com does not need any SSL because no monetary transactions take place on it.

However, we like the green padlock in the URL bar. We also hate to see browser messages like “Your connection to this site is not private”, “The identity of this site is not verified”, “Your connection to this site is not encrypted”, etc.

According to Google, sites that have SSL will be shown with priority in search engine results, so there will be an SEO benefit.

At the same time, we also learned from different blogs that:

  1. Installing SSL is a very hard task.
  2. https reduces site speed.
  3. The social share count will be zero.
  4. Website traffic will be reduced.

In spite of the above, we installed SSL, overcoming all the difficulties. It was a smooth process. Now, we are happy to have it installed.

In this tutorial we describe the process.

Buy a single-domain SSL certificate from Namecheap.com, which is very inexpensive.

Go to the command-line prompt of your VPS, which is running the Nginx web server, and execute the following command to create the CSR code that will be required for SSL activation.

openssl req -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

You need to answer a few questions, like:

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:West Bengal
Locality Name (eg, city) []:Kolkata
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WBXPress
Organizational Unit Name (eg, section) []:NA
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:admin@example.com

Now download example.com.csr using the FileZilla FTP client and open it with Notepad++. Only the CSR needs to leave the server; example.com.key stays where it is.

Now go to Namecheap -> SSL certificates -> Activate. Paste the above CSR code inside the first text box.

Next, select email as the domain control validation method. You need to activate the link that will be sent to your email.

You will then receive the SSL certificates in your inbox. Download the certificates and unzip them.

You need to merge the two files using Notepad++. Open both files. Copy the content of the example_com.crt file and paste it above the content of example_com.ca-bundle. Now save the merged file as ssl-bundle.crt.

Now upload this file to the same location on your server where example.com.key and example.com.csr are present.
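Building the bundle on the server avoids the copy-and-paste step and lets the result be checked before Nginx loads it. The script below is an added example, not part of the original tutorial; it assumes the two unzipped files were uploaded next to example.com.key under the names used above, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not the original post's code). File names follow the
# tutorial; it assumes example_com.crt and example_com.ca-bundle were
# uploaded to the server instead of being merged on a desktop.

# Succeeds only if the first certificate in CERT ($1) carries the public
# key that belongs to the private key KEY ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# build_bundle CERT CA_BUNDLE KEY OUT
# Writes OUT as "site certificate first, CA bundle after", the order Nginx
# expects in ssl_certificate, and refuses to continue on a mismatch.
build_bundle() {
    cert=$1; ca=$2; key=$3; out=$4
    for f in "$cert" "$ca" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    cert_matches_key "$cert" "$key" || {
        echo "$cert was not issued for $key" >&2; return 1; }
    # Refuse a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "$cert has expired" >&2; return 1; }
    # The echo guarantees a line break between the two files; tr and sed
    # drop the CRs and blank lines that Windows editors tend to leave.
    { cat "$cert"; echo; cat "$ca"; } | tr -d '\r' | sed '/^$/d' > "$out" \
        || return 1
    # Only the owner should be able to read the private key.
    chmod 600 "$key" || return 1
    # Re-check the written file: its first certificate must be the site's.
    cert_matches_key "$out" "$key"
}

# Usage: sh build-bundle.sh example_com.crt example_com.ca-bundle \
#            example.com.key ssl-bundle.crt
if [ "$#" -eq 4 ]; then
    build_bundle "$@"
fi
```

A non-zero exit status means the bundle should not be put into the Nginx configuration; the message on stderr says which check failed.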

Now you need to add the certificate and key to the virtual host configuration file. Execute this:

sudo nano /etc/nginx/sites-available/example.conf

Add the following inside the server{} block.

listen 443 ssl;
server_name example.com;
ssl_certificate /home/admin/ssl-bundle.crt;
ssl_certificate_key /home/admin/example.com.key;

Now restart the Nginx server.

sudo service nginx restart

You have successfully installed SSL on your website. To be sure it is working, browse your site over https.

https://example.com

At this point you will see a padlock with an orange triangle. To make it green you need to use modern encryption algorithms, for which you can generate the necessary code with the Mozilla SSL Configuration Generator.


Copy the generated code. Edit the Nginx configuration file.

sudo nano /etc/nginx/nginx.conf

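Replace the SSL settings in nginx.conf with the copied code. The lines below are the generator's output at the time of writing; generate your own rather than copying them, since TLSv1 and TLSv1.1 have since been deprecated and the recommended cipher list changes over time: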

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

Now restart the Nginx server.

sudo service nginx restart

Now you will see a Green Padlock in your browser bar. Congratulations!

Mixed Content Error

You have probably already interlinked many posts, or embedded media in posts or pages. To avoid mixed content errors you need to change all occurrences of http://example.com to https://example.com. There is a good plugin for this job.

Search Regex

Install this plugin, then replace all occurrences of http://example.com with https://example.com and save.
