When Google mentioned that blogs and websites that implement SSL or HTTPS traffic will get a small bump in its search results, I jumped on it.
I have been hit by Google Panda, Penguin and all the other stupid Google algorithms that have been released in the past. This site used to bring in close to 18,000 unique visitors a day.
Now traffic has stalled at about 7,000 per day, which is not very nice. I want to grow this blog and support the cost that is required to run it. It has been a crazy roller coaster over these months.
If implementing HTTPS will get me a small bump in traffic, I am willing to try. At this point, I’ll try anything to recover from these nasty Google algorithms.
So, here’s my journey to HTTPS. If you look at the browser URL, you’ll notice that it begins with https. That’s cool.
Now, here’s what I did to get HTTPS enabled for this site. Remember, I run the Nginx web server here, so setting it up on Apache2 might be a bit different.
When setting up SSL certificates for your domain, the first thing to do is to create the host key pair and a certificate signing request (CSR). Combining the host key with the certificate issued by the registrar allows for secure traffic.
In CentOS, run the command below to generate the private key and the certificate signing request file (replace yourdomain with the domain you’re securing).
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
The command above creates the host private key along with the certificate signing request. The registrar signs the request to issue your certificate.
When you run the above command, it prompts you to type some information.
- Common Name: The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
- Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
- Organization Unit: If applicable, enter the DBA (doing business as) name. If you’re securing a single blog, then type the blog owner’s name here.
- City or Locality: Name of the city where your organization is registered/located.
- State or Province: Name of the state or province where your organization is located.
- Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
When you’re done with all of the above steps, save the certificate signing request (CSR) file for later use. When you go to register for an SSL certificate, they will ask you to provide the CSR content.
In my case, I had to open the text file and copy its content, then paste it into an online form provided by the registrar.
After 12 hours, I received a zipped file containing four files via email.
In the attached file were:
- Root CA Certificate – AddTrustExternalCARoot.crt
- Intermediate CA Certificate – COMODORSAAddTrustCA.crt
- Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
- Your PositiveSSL Certificate – liberiangeek_net.crt
I copied these files to my host server to create the certificate bundle.
After extracting the content, I ran the command below to create a certificate bundle of the certificates provided to me.
cat yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
Remember to list the files in the order shown above, beginning with yourdomain_com.crt.
Finally, I created a folder called ssl inside /etc/nginx and copied both the ssl-bundle.crt file and the yourdomain.key file created earlier into that directory.
Then open the Nginx site configuration file and add these lines to enable SSL on the site.
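# Redirect all plain-HTTP requests to the HTTPS site
server {
    listen 80;
    server_name _;
    return 301 https://www.yourdomain.net$request_uri;
}

server {
    # "listen 443 ssl" replaces the older "listen 443;" + "ssl on;" pair
    listen 443 ssl;
    server_name www.yourdomain.net;

    # Bundle and key live in the /etc/nginx/ssl folder created above
    ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.key;

    # Note: SSLv3 is exposed to the POODLE attack and RC4 is prohibited in
    # TLS by RFC 7465; remove both on a new deployment
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;

    root /var/www/html;
    index index.php;
    try_files $uri $uri/ /index.php?$args;
}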
That’s how mine is set up. Yours might be configured differently.
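The HTTPS server block above with the weak TLS settings replaced, as an added example rather than the author's own configuration: SSLv3, TLSv1, TLSv1.1 and the RC4 cipher suites are dropped. The domain and paths reuse the page's placeholders, and the cipher list is an assumed modern selection, not something from the original post.

```nginx
server {
    listen 443 ssl;
    server_name www.yourdomain.net;

    # Certificate chain (site certificate first) and the private key
    # that was generated together with the CSR
    ssl_certificate     /etc/nginx/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.key;

    # Weak (as on the page): ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #   SSLv3 is exposed to POODLE; TLSv1 and TLSv1.1 are deprecated.
    # Corrected: TLS 1.2 and 1.3 only. Remove TLSv1.3 on nginx older
    # than 1.13.0, which does not know the parameter.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (as on the page): ssl_ciphers ALL:...:RC4+RSA:+HIGH:+MEDIUM;
    #   "ALL" plus "RC4+RSA" admits RC4 and other legacy suites.
    # Corrected (assumed selection): forward-secret AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # Every suite listed is strong, so let the client pick the one
    # that is fastest on its hardware
    ssl_prefer_server_ciphers off;

    root /var/www/html;
    index index.php;
    try_files $uri $uri/ /index.php?$args;
}
```

Run nginx -t to validate the file before reloading Nginx.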
After configuring the above setup, your WordPress site might not work because the permalinks are still pointing to http. You must change the permalinks in the database to correct it.
To do that, log on to the database server:
mysql -u root -p
Then select your WordPress database and run the command below to change your http links to https. This will replace the http links for both the site and home URLs.
UPDATE wp_options SET option_value = replace(option_value, 'http://www.oldsiteurl.com', 'https://www.newsiteurl.com') WHERE option_name = 'home' OR option_name = 'siteurl';
That’s it! You’re done.
Enjoy!