✨ Features: - Complete LEMP stack automation - WordPress with WP-CLI - Redis Object Cache (50% performance boost) - Multi-OS support - SSL/Let's Encrypt integration - Security hardening - Enterprise features - Docker testing environment - GitHub Actions CI/CD - Comprehensive documentation 🧪 Fully tested and production-ready Copyright (c) 2025 Sebastian Palencsár
1.7 KiB
1.7 KiB
SSL/HTTPS Setup Guide
This guide explains how to set up SSL certificates for your WordPress installation.
Let's Encrypt with Certbot
Prerequisites
- Domain name pointing to your server
- Ports 80 and 443 open in firewall
- Nginx already configured and running
Automatic SSL Setup
The playbook includes an optional SSL setup that uses Let's Encrypt:
ansible-playbook -i inventory/production playbooks/lemp-wordpress.yml -e enable_ssl=true -e domain_name=yourdomain.com
Manual SSL Setup
If you prefer manual setup or have your own certificates:
-
Install Certbot:
sudo apt update sudo apt install certbot python3-certbot-nginx -
Generate Certificate:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com -
Auto-renewal:
sudo crontab -e # Add: 0 12 * * * /usr/bin/certbot renew --quiet
SSL Configuration
The SSL-enabled Nginx configuration includes:
- HTTP to HTTPS redirect
- Strong SSL ciphers
- HSTS headers
- OCSP stapling
Troubleshooting SSL
Certificate not found:
- Verify domain DNS points to server
- Check firewall allows ports 80/443
- Ensure Nginx is running
Mixed content warnings:
- Update WordPress site URL in database
- Check for hardcoded HTTP links
- Use SSL-aware plugins
Certificate renewal fails:
- Check Nginx configuration syntax
- Verify webroot path permissions
- Review certbot logs:
/var/log/letsencrypt/
Custom Certificates
To use your own SSL certificates:
- Copy certificates to
/etc/ssl/certs/ - Update Nginx configuration
- Restart Nginx service
See templates/wordpress-ssl.nginx.j2 for the SSL template.