Free SSL Certificate Setup for WordPress on Google Cloud (Click-to-Deploy)

by | Feb 12, 2019 | Google, Google Cloud Platform | 0 comments

In this quick-start tutorial you will learn how to configure free, auto-renewing SSL certificates for WordPress websites that are hosted on Google Cloud compute engine using the Click-to-Deploy version of WordPress on Google Cloud.

Having SSL Security on your website will improve your Google search ranking.

If you’re using the Bitnami version of WordPress on Google Cloud, you can view that SSL certificate tutorial here.

Before getting started with this tutorial, you should have already:

  1. Installed WordPress on Google Cloud
  2. Set up a Domain Name for your WordPress website
  3. Reserved a Static IP Address for your VM instance.

So let’s get started…

1. Connect to WordPress via SSH

ssl certificates wordpress on google cloud access menu
Go to your Google Compute homepage and click the hamburger menu in the upper left-hand corner.
ssl certificate for wordpress on google cloud go to compute engine then vm instances
Go to your Compute Engine, then to VM instances to access your WordPress installation.
Click the SSH button to connect to your website’s server.

2. Install CertBot Client

ssl certificate setup wordpress google cloud click to deploy
Now that you’ve connected to your website’s Apache server, you are going to execute the command to install the Certbot client. The Certbot client is used to issue the SSL certificates that will be used later on in this tutorial.
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

After executing each of these commands, you can either stay in the same SSH window or exit and open a new one.

3. Generate Certificates

ssl certificate setup wordpress google cloud click to deploy
In this step you are going to execute the command below in order to tell the Certbot client to create SSL certificates for your website. Remember to replace 1pagezen.com with your own domain name.
./certbot-auto certonly --webroot -w /var/www/html/ -d 1pagezen.com -d www.1pagezen.com
ssl certificate setup wordpress google cloud click to deploy
After executing these commands, your certificates will be generated. Take note of the directory where your certificates are installed.

4. Configure the Certificates

ssl certificate setup wordpress google cloud click to deploy
The next step is to configure your certificates. First, execute the command below to open your default-ssl.conf file for editing.
sudo nano /etc/apache2/sites-available/default-ssl.conf
ssl certificate setup wordpress google cloud platform compute engine click-to-deploy
At the top of the default-ssl.conf file, paste the following lines of code in order to tell your server to direct network traffic to HTTPS port 443.
<Directory /var/www/html/>Options Indexes FollowSymLinks MultiViewsAllowOverride AllOrder allow,denyallow from all</Directory>
ssl certificate setup wordpress google cloud click to deploy
The next step is to use the down-arrow key to scroll down towards the bottom of the default-ssl.conf file. Place a # sign next to the existing snakeoil certificates, and paste the path to your three SSL certificate files as shown in the command below, making sure to replace 1pagezen.com with your own domain name.
SSLCertificateFile "/etc/letsencrypt/live/1pagezen.com/cert.pem"SSLCertificateKeyFile "/etc/letsencrypt/live/1pagezen.com/privkey.pem"SSLCertificateChainFile "/etc/letsencrypt/live/1pagezen.com/chain.pem"

After adding this code, enter ctrl+o to save changes, followed by ctrl+x to exit back to your home screen.

5. Enable HTTPS Redirect

ssl certificate setup wordpress google cloud click to deploy
The next thing you will do is configure your Apache server to only serve the HTTPS version of your website. To do this, you will edit your wordpress.conf file, which you can access by executing the command below.
sudo nano /etc/apache2/sites-available/wordpress.conf
wordpress conf file configurations
Inside of the wordpress.conf file, delete the existing 3 lines of code at the top of the file. Then, copy and paste the code below into the file – remembering to replace 1pagezen.comwith your own domain name.
<VirtualHost *:80>ServerAdmin webmaster@localhostDocumentRoot /var/www/htmlServerName www.1pagezen.comServerAlias 1pagezen.comRedirect permanent / https://www.1pagezen.com/<Directory />Options FollowSymLinksAllowOverride None</Directory><Directory /var/www/html/>Options Indexes FollowSymLinks MultiViewsAllowOverride AllOrder allow,denyallow from all</Directory>ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/<Directory "/usr/lib/cgi-bin">AllowOverride NoneOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatchOrder allow,denyAllow from all</Directory>ErrorLog ${APACHE_LOG_DIR}/error.log# Possible values include: debug, info, notice, warn, error, crit,# alert, emerg.LogLevel warnCustomLog ${APACHE_LOG_DIR}/access.log combined</VirtualHost>

After adding the code to your wordpress.conf file, enter ctrl+o to save your changes and ctrl+x to exit the wordpress.conf file.

6. Restart the Apache Server

ssl certificate setup wordpress google cloud platform compute engine bitnami
In order for your certificate changes to take effect, you need to update/restart you Apache server by executing all three of the commands listed below.
sudo a2ensite default-sslsudo a2enmod sslsudo service apache2 restart

7. Update WordPress URLs

enter url for domain
In your browser, enter the URL (with https://) to your wp-admin dashboard.
ssl certificate setup wordpress google cloud click to deploy
From your WordPress dashboard, navigate to Settings > General, and replace your current domain name with the https:// version – with or without www. infront. Then, scroll to the bottom of the page and click the Save Changes button.

SSL Auto-Renewal Configuration (Optional)

8. Configure SSL Auto-Renewal

Do you want your SSL certificates to renew automatically? In the following steps you will learn how to configure auto-renewal for your SSL certificates – so let’s get started!

move certbot to letsencrypt directory with mv command
The first step in configuring auto-renewal is to use the mv command to move your certbot package into the letsencrypt directory.
sudo mv certbot-auto /etc/letsencrypt/
moved certbot package
You can verify that your certbot-auto package has been moved successfully by executing the command ls /etc/letsencrypt/ and seeing if the certbot-auto package appears in that directory.

8.1   Edit Crontab File

Now that you’ve moved your certbot-Auto package to the /etc/letsencrypt/ directory, the next step is to open your crontab file.

To open your crontab file, execute the following command:

sudo crontab -e
opening crontab file for editing
You can open your crontab file by executing the command sudo crontab -e.

8.2   Configure Auto-Renew Script

Now that you’ve opened your crontab file, the next step is to add a script at the bottom of the crontab file which will execute once per week and will automatically renew the SSL certificates if they are about to expire.

inside of crontab file with ssl auto renew script
At the bottom of your crontab file, you will enter a script which will tell your server to check for certificate renewals once per week, and to automatically renew the certificates if they are about to expire. After adding the script, save the crontab file by pressing CTRL + X, then Y, then Enter.

For Click-to-deploy or standard Apache users, add the following script:

45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart

That’s it!

If you’re interested in learning about additional auto-renewal testing methods, check out the full Certbot auto-renewal tutorial here. You may also be interested in boosting your website’s performance by configuring Cloudflare’s free CDN.

If you run into any issues with your certificates and want to verify that they’re configured properly, check out the SSL Checker tool. Also check out this tutorial on how to fix SSL errors.

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.