WordPress with Let’s Encrypt SSL Certificate on a Load Balancer

Implementing WordPress + Offloading Let's Encrypt SSL Certificate + Cloud Load Balancer


Hi again,

As many of you know, a lot of “Production” applications need to be configured to provide High Availability. With that in mind, a best-practice architecture for your application is to add a Load Balancer as a front end that distributes traffic between your application nodes, as you can see in the next image:

Load Balancer HA

SSL Offloading

In this case, my “Production” application is my blog, and I will install an SSL certificate on the Cloud Load Balancer (CLB) to offload encryption and decryption to the CLB instead of doing it on the web server. That way your web servers keep using port 80 (HTTP), as always, and you serve your content through port 443 (HTTPS). Traffic between the CLB and the web servers therefore travels as plain HTTP.

SSL-Offloading

Here is what I use to configure my WordPress with an SSL certificate:

  • SSL Certificate issued using Let’s Encrypt
  • A Let’s Encrypt client called acme.sh
  • A Cloud Load Balancer
  • A WordPress installation

Step 1: Install acme.sh client

There are many ACME clients supported by Let’s Encrypt; the most popular is Certbot. However, I prefer to use acme.sh.

Let’s install it:

Step 2: Issue SSL Certificate

Once acme.sh is installed, we proceed to issue our first SSL Certificate:

Where the options are:
--issue: Issue a new certificate.
-d (--domain): Specifies a domain, used to issue, renew or revoke, etc.
-w (--webroot): Specifies the web root folder for web root mode. This is the DocumentRoot where your site is hosted; Let’s Encrypt needs it to verify the domain.

Cloud Load Balancer

Step 3: Install SSL Certificate on Cloud Load Balancer

At this point we have our SSL Certificate, Private Key, and Intermediate CA Certificate ready to install on our Cloud Load Balancer (CLB).

So we should go to https://mycloud.rackspace.com -> Rackspace Cloud -> Networking -> Cloud Load Balancers:

Then go to Optional Features and click Enable/Configure on “Secure Traffic SSL”:

Cloud Load Balancer

Finally, we add our SSL Certificate, Private Key, and Intermediate CA Certificate to the CLB and save the configuration:

Cloud Load Balancer

Updating URLs

Step 4: Configure WordPress

We are almost done. At this point SSL is configured on the CLB, so WordPress can be served over HTTPS; however, WordPress itself is still set up for HTTP, so we need to reconfigure it for SSL.

Database queries

First of all, we should update the links from http to https; we are going to do it directly on the database with the following queries:

Warning: Change all instances of example.com to your own. If you have the www as part of your WordPress Address (URL) in the WordPress Settings, add the www.
Also, if you have a custom table prefix in the WordPress database, something other than the default wp_, then you must change all the instances of wp_ to your own table prefix.

  1. Update any embedded attachments/images that use http:
    This one updates the src attributes that use double quotes:

    This one takes care of any src attributes that use single quotes:
  2. Update any hard-coded URLs for links.
    This one updates the URL for href attributes that use double quotes:

    This one updates the URL for href attributes that use single quotes:
  3. Update any “pinged” links:
  4. This step is just a confirmation step to make sure that there are no remaining http URLs for your site in the wp_posts table, except the GUID URLs.
    You must replace WP_DB_NAME, near the beginning of the query, with the name of your database.
    This will confirm that nowhere in the wp_posts table is there a remaining http URL, outside of the GUID column. This ignores URLs in the GUID column.
    This query only searches; it does not replace anything, nor make any changes. So, this is safe to run. It’s a safe and quick way to check the wp_posts table while ignoring the guid column.
    This SQL query should return an empty set. That would mean that it found no http URLs for your site. (This is all just 1 query. It’s 1 very, very long line.)
    Warning: Remember to replace WP_DB_NAME, near the beginning of the query, with the name of your database.
  5. Now, we move to the wp_comments table. This changes any comment author URLs that point to the http version of your site. This is in case you’ve ever replied to a comment while your URL was pointing to http.
  6. This updates the content of the comments on your site. If there are any links in the comments that are linking to an http URL on your site, they will be updated to https.
  7. Now we move to the wp_postmeta table. This takes care of any custom post meta that points to the http version of your site.
  8. Now we move to the wp_options table. Update the “WordPress Address (URL)” and “Site Address (URL)”.
    For the WordPress Address URL, you may have to modify example.com. If you have WordPress installed in some other directory, then modify this according to your own WordPress URL. For example, some people have WordPress installed in a subdirectory named “blog”, and so their WordPress Address would be https://example.com/blog.

    This one will update the Site Address URL (this is the home page of your site):
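
The procedure in steps 1 to 8, written out as an added example for MySQL/MariaDB; it is not the author's original queries. It assumes the site is example.com, the default wp_ table prefix, the standard WordPress column names, and InnoDB tables so the transaction can be rolled back.

```sql
-- Added example: http -> https rewrite on a default WordPress schema.
-- Assumptions: site example.com, prefix wp_, InnoDB tables.
-- Take a database dump before running any of this.
START TRANSACTION;

-- Steps 1-2: src and href attributes, double- and single-quoted.
UPDATE wp_posts SET post_content = REPLACE(post_content, 'src="http://example.com',   'src="https://example.com');
UPDATE wp_posts SET post_content = REPLACE(post_content, 'src=''http://example.com',  'src=''https://example.com');
UPDATE wp_posts SET post_content = REPLACE(post_content, 'href="http://example.com',  'href="https://example.com');
UPDATE wp_posts SET post_content = REPLACE(post_content, 'href=''http://example.com', 'href=''https://example.com');

-- Step 3: "pinged" links.
UPDATE wp_posts SET pinged = REPLACE(pinged, 'http://example.com', 'https://example.com');

-- Step 4: confirmation only, guid deliberately excluded. Expect 0.
SELECT COUNT(*) AS remaining_http
FROM wp_posts
WHERE CONCAT_WS(' ', post_content, post_excerpt, pinged, to_ping, post_content_filtered)
      LIKE '%http://example.com%';

-- Steps 5-6: comment author URLs and comment bodies.
UPDATE wp_comments SET comment_author_url = REPLACE(comment_author_url, 'http://example.com', 'https://example.com');
UPDATE wp_comments SET comment_content    = REPLACE(comment_content,    'http://example.com', 'https://example.com');

-- Step 7: post meta. PHP-serialized values store string lengths (s:18:"..."),
-- and http -> https adds one byte, so a blind REPLACE corrupts them.
-- Rewrite only plain values here.
UPDATE wp_postmeta
SET meta_value = REPLACE(meta_value, 'http://example.com', 'https://example.com')
WHERE meta_value LIKE '%http://example.com%'
  AND meta_value NOT REGEXP '^(a|O|s):[0-9]+:';

-- Whatever is still listed is serialized; fix those rows with a
-- serialization-aware tool (for example WP-CLI's "wp search-replace").
SELECT meta_id, post_id, meta_key FROM wp_postmeta
WHERE meta_value LIKE '%http://example.com%';

-- Step 8: WordPress Address (siteurl) and Site Address (home).
UPDATE wp_options SET option_value = 'https://example.com' WHERE option_name = 'siteurl';
UPDATE wp_options SET option_value = 'https://example.com' WHERE option_name = 'home';
SELECT option_name, option_value FROM wp_options WHERE option_name IN ('siteurl', 'home');

COMMIT;  -- use ROLLBACK instead if any check above looks wrong
```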

WordPress Control Panel

Besides running the queries directly on the database, we can update, or verify, the blog URLs by going to Settings > General and updating the WordPress Address (URL) and Site Address (URL) fields.

WordPress Config File

Finally, we should add the following line to our wp-config.php file:

 

Now, you have configured WordPress with Let’s Encrypt SSL Certificate on a Load Balancer.
