How I figured out the process to add SSL certificates to a Laughing Squid account

Google is paying attention to whether you have an SSL certificate for your site. It is my understanding that Google will rank sites higher if they can be reached via HTTPS:// rather than only HTTP:// (the ‘S’ stands for ‘Secure’). I found it rather easy to set up a free SSL certificate using BlueHost for my WordPress sites, but as of the last quarter of 2018, Laughing Squid’s latest update says they will be integrating similar functionality by the end of the first quarter of 2019.

However, I still need to set up SSL certificates for three sites hosted on the Laughing Squid account. The option to move is not preferred, and Laughing Squid does offer to migrate to a Managed WordPress option at a higher monthly rate. But if I can set up SSL without any other changes to our account, then that is the preferred method.

So I did some research, and if you provide the SSL certificate key parts to Laughing Squid’s support staff, they will upload them in the correct place on your behalf. So in order to get the key parts, I had to learn how to use CERTBOT to generate them. I found good information about the manual process for using CERTBOT and many of its other settings. This did not seem too difficult, but I really did not want to have to install another program on my limited-size computer.

Thankfully, CERTBOT is available in a Docker container, and since I am a huge fan of Docker … Well, there was no further discussion needed.

First, I created a folder to store the certificates for all the sites and to also have a folder to do the renew process in three months. I opened a terminal window (command prompt for Windows people) at the directory and entered the following command:

docker run -it --rm --name certbot \
  -v "$(pwd)/etc/letsencrypt:/etc/letsencrypt" \
  -v "$(pwd)/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot certonly --manual

This will run the certbot/certbot container in interactive mode and remove the container when done. I create two local volumes to store the data I need. The command in the container is certonly with the --manual flag. I answered a few simple questions in the terminal asked by certbot.

As part of the process you WILL NEED to upload a couple of text files (with no file extension) to the root folder of your website in order for certbot to verify that you are the owner of the site. The process did catch me off guard the first time I tried, because I assumed it only needed one file. It asks for the first one, then attempts to verify, and then tells you to create a second file. I thought I must have messed up the first time, so I just kept the same file and tried again, which caused certbot to fail.

Also, I had an issue at first because WordPress was trying to process the path and assumed it was supposed to be a request for a site posting, so I temporarily told WordPress to ignore the .well-known folder until I was done. I edited my .htaccess file and placed the following just after the ‘RewriteBase /’ line in the file:

RewriteRule ^\.well-known/acme-challenge - [L]

I’m not sure if there are any security precautions or long-term effects of adding this to the .htaccess file, so I promptly removed it once I finished with certbot.

When all is done and verified, the Docker container will close and you can look in the folder ‘{path_to_directory_ran_certbot_in}/etc/letsencrypt/live/{name of website}/’ for the four .pem files that you send to Laughing Squid.
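Before sending the files, you can confirm that the certificate and private key in that folder actually belong together and that the certificate is not close to expiry. The script below is an added example, not part of the original post; the function names, the example.test sample directory and the 30-day threshold are assumptions, and the sample certificate is a constructed self-signed one.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a certbot "live" directory before sending its files.

# Print a SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_hash() {
  local pem
  if [ "$1" = cert ]; then
    pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  else
    pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  fi
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = path to etc/letsencrypt/live/<name of website>
check_live_dir() {
  local dir=$1 f cert_h key_h
  for f in cert.pem chain.pem fullchain.pem privkey.pem; do
    [ -s "$dir/$f" ] || { echo "missing: $f"; return 1; }
  done
  cert_h=$(pubkey_hash cert "$dir/cert.pem") || { echo "cert.pem unreadable"; return 1; }
  key_h=$(pubkey_hash key "$dir/privkey.pem") || { echo "privkey.pem unreadable"; return 1; }
  [ "$cert_h" = "$key_h" ] || { echo "cert.pem and privkey.pem do not match"; return 1; }
  # Assumed threshold: fail if fewer than 30 days of validity remain.
  openssl x509 -in "$dir/cert.pem" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
    { echo "certificate expires within 30 days"; return 1; }
  openssl x509 -in "$dir/cert.pem" -noout -subject -enddate
}

# Constructed sample: a throwaway self-signed pair, not a real Let's Encrypt certificate.
make_constructed_live_dir() {
  mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=example.test" \
      -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
    cp "$1/cert.pem" "$1/chain.pem" && cp "$1/cert.pem" "$1/fullchain.pem"
}

demo=$(mktemp -d)
make_constructed_live_dir "$demo/live/example.test"
check_live_dir "$demo/live/example.test"   # prints subject and expiry when all checks pass
rm -rf "$demo"
```

Of the four files, privkey.pem is the private half of the pair, so it is the one that needs a confidential channel when it is handed over.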

After Laughing Squid responds that all is well, log in to your WordPress site, go to ‘Settings/General’ and change the ‘WordPress Address’ and the ‘Site Address’ to now include an ‘s’ in the ‘HTTPS://’ portion of your web address.

This should be all you need, unless you need to force all traffic to HTTPS. This can be done in various ways, even with a WordPress plugin. I personally just add the code below to my .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]