Requirements

  • You can access your site with a TLD such as example.com
  • WordPress Install is Complete
  • You've set your instance to use a fixed, Elastic IP

Covered in this guide

  • Installing Let's Encrypt with AMIMOTO
  • Generating a SSL Cert
  • Search and Replace with WP-CLI
  • Setting a Renewal Schedule for Let's Encrypt

Tips and Notes

If you're setting up a new AMI, make a note of the AMI instance ID. This ID is created and used for your WordPress install directory.


For example, if your ID is i-abc123, the WordPress install path will be:

/var/www/vhosts/i-abc123


Optionally, when the AMI is only running one site you can CD into this directory using a wildcard path.

$ cd /var/www/vhosts/*

Installing Let's Encrypt

1. Login as root

sudo su -

2. Stop Services

# service monit stop; \
service nginx stop; \
service php-fpm stop; \
service mysql stop

3. Install Let's Encrypt using AMIMOTO Cookbook

# chef-solo -o amimoto::letsencrypt \
-c /opt/local/solo.rb \
-j /opt/local/amimoto.json \
-l error

4. Start Services

# service monit start; \
service nginx start; \
service php-fpm start; \
service mysql start

5. Add Let's Encrypt to PATH

# export PATH=$PATH:/usr/local/bin

6. Install SSL Cert

# letsencrypt certonly -t -d example.com \
 -a webroot --webroot-path=/var/www/vhosts/i-abc123 \
 --rsa-key-size 2048 \
 --server https://acme-v01.api.letsencrypt.org/directory

7. Check and Copy NGINX Site Config

# cd /etc/nginx/conf.d/
# ls
# cp default.conf default-ssl.conf

8. Update NGINX Conf Files

Examples of the following files can be found here.

  • default.conf
  • default-ssl.conf

9. Restart Services

# service monit restart; \
service nginx restart; \
service php-fpm restart; \
service mysql restart

10. Set Let's Encrypt to Renew

# crontab -e

Add the following line

# Renewing Lets Encrypt certificate
0 1 * * 1 /opt/letsencrypt/bin/letsencrypt renew && /sbin/service nginx restart > /dev/null 2>&1

The end result should look something like this.

@reboot /bin/sh /opt/local/provision > /dev/null 2>&1

# Renewing Lets Encrypt certificate
0 1 * * 1 /opt/letsencrypt/bin/letsencrypt renew && /sbin/service nginx restart > /dev/null 2>&1

You're done!

Now exit from using the Root user.

# exit

Optional

Search and Replace URLs to use HTTPS using the WP-CLI Command

$ wp search-replace 'http://example.com' 'https://example.com' --skip-columns=guid

Did this answer your question?