Download and Install and Active WP Encrypt plugin : https://www.yanivp.net//wordpress.org/plugins/wp-encrypt/
Go to WordPress Settings > WP Encrypt and fill in the details
Go to Register Account
FIX The directories /var/www/letsencrypt/live
and /var/www/html/.well-known/acme-challenge
that WP Encrypt needs access to are not automatically writable by the site. Unless you change this, it is not possible to auto-renew certificates.
sudo mkdir /var/www/letsencrypt/
sudo mkdir /var/www/letsencrypt/live
sudo chown -R www-data /var/www/letsencrypt
Go to Generate Certificate
Click help tabs at the top of this page to set up the ssl
sudo nano /etc/apache2/sites-available/000-default.conf
and paste VirtualHost code from Help info
see example with test.com domain …
<VirtualHost *:80> ServerName www.test.com/ Redirect / https://www.yanivp.net//www.test.com/ </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/html ServerName www.test.com ServerAlias www.test.com SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSV1 #RewriteCond %{HTTP_HOST} !^www\. [NC] #RewriteRule ^(.*)$ https://www.yanivp.net//www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] SSLCertificateFile /var/www/letsencrypt/live/www.test.com/cert.pem SSLCertificateKeyFile /var/www/letsencrypt/live/www.test.com/private.pem SSLCertificateChainFile /var/www/letsencrypt/live/www.test.com/chain.pem </VirtualHost>
Open mod SSL : sudo a2enmod ssl
Restarting Apache: sudo service apache2 restart
Check ssl port 443 open:
http://www.yougetsignal.com/tools/open-ports/
change to https in wp-config.php
sudo nano /var/www/html/wp-config.php
define('WP_SITEURL', 'https://www.yanivp.net//' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'https://www.yanivp.net//' . $_SERVER['HTTP_HOST'] . '/');
Restarting Apache: sudo service apache2 restart
Check non https images with this tool:
https://www.yanivp.net//www.whynopadlock.com/
Check SSLv3 Poodle Vulnerabilit:
option1 : https://www.yanivp.net//www.site24x7.com/tools/check-ssl3-vulnerability.html
option 2: sudo apt-get install nmap and run this command:nmap -p 443 --script +ssl-enum-ciphers YOUR.SERVER.ADDRESS.COM
Resources: link
Disable SSLv3
sudo nano /etc/apache2/mods-available/ssl.conf and change this line from SSLProtocol all to SSLProtocol all -SSLv2 -SSLv3
Restarting Apache: sudo service apache2 restart