Adding SSL to your in-home Raspberry Pi is actually super easy (see the image below… it’s the easiest "A" I’ve ever gotten)… made only easier if you’re using WordPress as you don’t have to edit your Nginx Server Block.
What’ll you need?:
- Real Simple SSl WordPress Plugin
- ^ That’s it, the only thing you need to add to WordPress, oh, and activate it (you’ll get an error as you don’t have SSL yet… don’t worry about it.)
This is all based on you running Raspbian Stretch (not Jessie, but I did write a tutorial for that too) and you’ve got WordPress running (also, I’ve got Nginx on this machine too).
Assuming your RPi is already updated (sudo apt update && sudo apt upgrade -y) we can get started. Open up terminal:
sudo apt-get install certbot
If you’ve followed this site in the past you’ll note that I’m running a server with two sites on Nginx. Thus I’m doing this from the point of view of having both of those sites running SSL. However, if you want only one of them you can just forgo the second address set/webroot location (the address where your site is). Replace example.com and/or thing.is with your own domain(s).
sudo certbot certonly --webroot -w /var/www/example.com/html -d example.com -d www.example.com -w /var/www/thing.is/html -d thing.is -d m.thing.is
After all has run through… you’re set. However, let’s test the system to make sure it’ll renew when it’s time:
sudo certbot renew --dry-run
Sweet! It works. Now, let’s set up a cron-job to make sure it’ll auto check to renew for us. I have mine set to check once a week. Let’s Encrypt won’t let you renew until you’re within 30 days of expiring, so I think we’re good to check weekly as opposed to daily. Open crontab with:
sudo crontab -e
Then enter the following at the end of this file. This is telling the cron-job to run once a week at 0515 (5:15 am). The "week" clock starts on the day you install it.
15 5 * * 1 /usr/bin/certbot renew --quiet
Now go back into WordPress, the error you got when you installed the SSL plugin should be gone, however, if it’s not, reboot your RPi and that’ll usually do the trick. Welcome to the HTTPS club.