We can enable SSL on your WordPress site hosted on a Linode server either by using Let’s Encrypt with Certbot or transferring an SSL certificate from another provider (e.g., Namecheap). This guide covers both methods.
1. Using Let’s Encrypt with Certbot
1.1 Install Certbot
SSH into your Linode server:
ssh root@your_linode_ipInstall Certbot for your web server:
# For Ubuntu with Apache
sudo apt update
sudo apt install certbot python3-certbot-apache
# For Ubuntu with Nginx
sudo apt update
sudo apt install certbot python3-certbot-nginxGenerate the SSL certificate:
sudo certbot --apache # or --nginxFollow prompts to select your domain and enable HTTPS.
1.2 Location of SSL Certificates and Keys
When you use Certbot, your certificates and keys are stored in /etc/letsencrypt/live/yourdomain.com/:
-
Certificates (fullchain.pem)
/etc/letsencrypt/live/yourdomain.com/fullchain.pemFull certificate including domain and intermediate certificates.
-
Private Key (privkey.pem)
/etc/letsencrypt/live/yourdomain.com/privkey.pemPrivate key associated with the certificate.
-
Chain of Trust (chain.pem)
/etc/letsencrypt/live/yourdomain.com/chain.pemIntermediate certificates linking your domain certificate to the root certificate.
-
Symlink to domain certificate (cert.pem)
/etc/letsencrypt/live/yourdomain.com/cert.pemYour domain certificate, symlinked to
fullchain.pem.
The certificates and private keys should be owned by root and should be readable only by the server.
We need to adjust the permissions for any reason:
sudo chmod 644 /etc/letsencrypt/live/yourdomain.com/*
sudo chmod 600 /etc/letsencrypt/live/yourdomain.com/privkey.pem1.3 Configure Web Server
- For Apache, update your site’s
.conffile (often located in /etc/apache2/sites-available/000-default-le-ssl.conf or a similar file) with the paths to the certificate files above.SSLEngine on SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem -
For Nginx, update the
ssl_certificateandssl_certificate_keydirectives (typically located in /etc/nginx/sites-available/yourdomain.com).server { listen 443 ssl; server_name yourdomain.com www.yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; }
1.4 Test SSL Configuration
Reload or restart your web server and test your site with https://yourdomain.com.
1.5 Optional: Enable Auto-Renewal
Configure certbot to auto-renew your certificates using a cron job or system timer.
sudo systemctl list-timers
sudo certbot renew --dry-run
sudo certbot certificates2. Configure WordPress for HTTPS
WordPress needs to be updated to use HTTPS for all URLs and assets.
2.1 Update Site URL
- Log into your WordPress admin dashboard.
- Go to Settings > General.
- Change both the WordPress Address (URL) and Site Address (URL) to use
https://instead ofhttp://.
2.2 Force HTTPS
You can force WordPress to always load over HTTPS by adding rules to your .htaccess file (for Apache) or nginx.conf (for Nginx).
For Apache:
Edit the .htaccess file in your WordPress root directory and add:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>For Nginx:
In your server block, add:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}This ensures all HTTP traffic is redirected to HTTPS. We can also use a plugin like “WP Encryption” (chosen), “Really Simple SSL” to enforce HTTPS across your WordPress site. This plugin will automatically fix any mixed-content issues (insecure resources loaded over HTTP), ensuring that your entire site loads securely.
3. Transferring SSL from Another Provider
Follow similar steps to upload the certificate, private key, and CA bundle, then update your web server configuration as described above.