Obtain a TLS/SSL Certi cate and Enable HTTPS

January 28, 2016 / 6 responses

This article begins with the assumption that youre not looking for an in-depth explanation of what
HTTPS is, how encryption works, the difference between TLS and SSL, or why you should or
shouldnt obtain a certi cate. There are plenty of articles about that. No, you just want the fancy
green padlock in front of your URL, I hear you.

This is not the only way to enable https on your website. There are a lot of use cases for encryption,
and I only know what Ive done. Lets Encrypt is an alternative method thats free, but still in beta, so
that might be an option for you. Otherwise, read on.

Does This Article Pertain To You?

Youre an individual, not a company

You have a personal website or blog
Your website has a domain name
Your website is running on Apache
Youre not selling stuff
You can spend 9 dollars

What Youll Need

9 dollars
Generate a CSR on your server

Obtain an SSL Certi cate
Install certi cate on your server


Ill supply some additional information at the end about making sure HTTPS works properly with

I cant guarantee that this will work for you, or youll that be approved for a certi cate,
but it seems to be a common method that works for most people.

Generate a CSR on Your Server

A CSR is a Certi cate Signing Request. You need to generate one on your server. This is done with
an Open SSL command, which should be available by default from Apache.

SSH into the server, migrate to somewhere that isnt a public directory, and paste the following code,
changing YOURDOMAIN.COM to your domain.

openssl req -new -newkey rsa:2048 -nodes -keyout YOURDOMAIN.COM.key -out YOURDOMAIN

The server will ask you to ll in the following elds:

Common Name (the domain name)

Country (two letter code)
State (spelled out fully)
When youve nished, there should be a .csr and .key .

Obtain an SSL Certi cate


If you want to read more about the differences between TLS and SSL, you may do so here or here.

To over simplify, SSL (Secure Sockets Layer) is the old and TLS (Transport Layer Security) is the
new, but its often still referred to as an SSL certi cate. Here is a website to test your SSL
con guration, which will show you which TLS or SSL youre con gured with, and how all browsers
are responding (sadly, you will lose IE6 support).

Look how well I did!


Certi cates can vary from free to $5 to hundreds of dollars and more per year, depending on what
type you get and where you shop. You can get a certi cate from Comodo or Geotrust or
Obtain Certi cate

Any party you get your certi cate from will require you to purchase, then validate and approve it.
This will probably be done through email validation, in which theyll send an e-mail to
you@YOURDOMAIN.COM, HTTP, in which you upload a le to your public directory, or DNS based, in
which youll be asked to point a CNAME.

Once validation is complete, you will have your SSL certi cate, which you can download.

A certi cate will only be valid for one year, at which point youll have to renew it.

Install Certi cate on Your Server

The nal step will be to install the certi cate on your server. If youre using shared hosting or
managed hosting, you will need to provide your host with the certi cate so that they can install it for

If not, you can follow this nice guide by Digital Ocean.

You will need to modify your Virtual Host to be listening on port 443 (HTTPS) instead of port 80
(HTTP), specify your SSL key and certi cate les, enable SSL, and restart the server.

Whether your set it up yourself or your host did it for you, going to should
work, except it might throw mixed content warnings youll have to make sure any le being
served from your site is from a https URL.

Once youre absolutely certain everything is working properly, you can point a 301 permanent
redirect from your HTTP address to the HTTPS address.

HTTPS and WordPress

There are a few things youll have to do before WordPress will work properly with HTTPS. 4/10
Clear Cache and Disable Caching Plugins

Replace Static Files in the Database

Better Search Replace is a reliable plugin that will allow you to replace any string with another
string. Of course, always remember to back up your database before doing anything. Replacing all
instances of with should
take care of all uploads and images.

Enable HTTPS
Place this in wp-con g.php.

$_SERVER['HTTPS'] = 'on';

Prevent Admin Panel Redirect Loop

This one will also go in wp-con g.php.

define('FORCE_SSL_ADMIN', true);

Change URL in Database

Either in admin panel settings or from phpMyAdmin or whatever MySQL method youre using,
update the two elds in wp_options to contain https.

Redirect HTTP to HTTPS

Force https on all les.

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

this article cleared up the process of enabling encryption on your website. It might seem
Here is a Coding Horror article about web tra c encryption and the future of the web. If nothing
else, it will play a factor in your Google search ranking.

August 30, 2016 at 1:05 am

Also SSL now is an SEO ranking factor because it instills con dence in users and increase their good
experience with the website. SSL is very necessary.


Havjo Anas
August 4, 2016 at 3:18 am

What are your thoughts about CloudFlares exible SSL?

March 10, 2016 at 5:46 pm

I love your style explaining step by step tutorial. Cost of ssl nearly same as cost of domain, are there
any bene t to apply ssl to boost search rangking?


February 17, 2016 at 12:29 am

I did the same using + their SSL certi cates are free

Andy Storey
June 28, 2016 at 2:47 pm

If you have access to the command line on your host, you can setup a crontab job to renew every
30 days!

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

