Setting Up an SSL

Started by ukgimp, February 04, 2017, 12:25:17 PM


ukgimp

Looking at setting up HTTPS on a WordPress domain.

I have never done it before.

Hosted on Debian Lenny.

The domain is registered with 123 reg.

Do I need to configure the server in some way? Or can I just buy an ssl?

123-reg.co.uk/ssl-certificates/

Somewhat baffled.

Thanks in advance.

Cheers


ergophobe

Registrar is immaterial here.

Certificates are installed on your server and yes, you must install it. How do you manage your server?

A few points...

1. If this is managed hosting or shared hosting, your host will do this for you. Just put in a ticket.

2. If you have somewhat higher privs, you can do this yourself through CPanel, Virtualmin, Plesk or command line, depending on what is available.

3. If you're on CPanel or Virtualmin, you can click a single button and it will install a Let's Encrypt cert for free. I don't see any reason to buy a cert anymore unless you need higher levels of verification, and those get expensive (especially at the highest levels where they send someone to your location and pull all sorts of documentation).

4. Once you have the cert, you will be able to test it while still keeping the http version alive. Open your Dev Tools in your browser and open the console tab and load a bunch of pages. Do you get errors? If you have "mixed mode" you will - in other words, if you have an https page and an http stylesheet, that will throw an error and the stylesheet won't load. So you have to go through and update your base URL in WordPress, any hardcoded links to stylesheets, JS, images, etc.

5. Once you've tested it and SSL is working, then you can set up your redirects and canonicalize on the https.

6. Finally - Google Search Console does not have a means of transferring a property to a new URL and this is a new URL. You will have to reverify for https and you will now have two, completely separate properties (possibly four if you verify for the www and non-www domains). Within a few months, your http property in search console will have zero traffic and all the rankings will be gone and you will forget and go look at it and have your heart sink and, hopefully, quickly realize that this is as it should be and switch to your live property.
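The mixed-content check from point 4 can also be run over saved page source instead of clicking through pages in Dev Tools. This is an added example, not part of the original thread; the function names and the sample markup are constructed for illustration, and only the Python standard library is used.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch a subresource.
SUBRESOURCE_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
}
# <link> only loads something for these rel values (rel="canonical" does not).
LOADING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            candidates = [attrs.get("href")] if rels & LOADING_RELS else []
        else:
            candidates = [v for k, v in attrs.items() if (tag, k) in SUBRESOURCE_ATTRS]
        for value in candidates:
            if not value:
                continue
            # Relative and protocol-relative (//host/x) URLs inherit the page scheme.
            resolved = urljoin(self.page_url, value.strip())
            if urlparse(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page served at page_url."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

PAGE_URL = "https://example.com/post/"  # constructed sample page and markup
SAMPLE = """<link rel="canonical" href="http://example.com/post/">
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<script src="//cdn.example.net/lib.js"></script>
<script src="/wp-includes/js/jquery.js"></script>
<img src="http://example.com/wp-content/uploads/a.png">
<a href="http://example.com/about/">About</a>"""

if __name__ == "__main__":
    for finding in find_mixed_content(PAGE_URL, SAMPLE):
        print(*finding)
```

Plain links (`<a href>`) and the canonical tag are deliberately not reported: they do not load anything into the https page, although they still need updating before the redirects in point 5.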

ukgimp

The Debian thing was a nause

Moved the domain to Ubuntu 16 and it was done in 8 minutes with Let's Encrypt.





ergophobe

>>nause

I guessed this from context... but had to look it up
http://www.urbandictionary.com/define.php?term=nause

Anyway, glad you got it sorted.

ukgimp

I did thanks.

It took 15 minutes to move the domain to a modern server.

Then a few commands within ssh and it was sorted.

Pretty easy and free.

Thanks

I think it was you that mentioned LetsEncrypt, so thanking you :-)

ergophobe

Quote from: ukgimp on February 05, 2017, 02:22:02 PM
I think it was you that mentioned LetsEncrypt, so thanking you :-)

Yeah... just the two of us in this thread. I am amazed how easy LetsEncrypt makes this now. If you don't need extended verification (which is the term I was trying to think of in my original post but couldn't), basic TLS/SSL is *so* easy now.

Rupert

Quote: LetsEncrypt
does that need resetting every 6 months or something?

Last time we were looking at freebies, there was a higher danger of it being forgotten I thought.
... Make sure you live before you die.

Torben

>does that need resetting every 6 months or something?
Every 3 months. But that is handled by a script and you get email warnings if a certificate for some reason is not renewed.

Rupert

That's the bit I find scary... it's something else to go wrong.

JasonD

I am using Webmin / Virtual Min, you click a button and it auto renews Let's Encrypt every 2 months. If there are ever any errors it mails me. If I forget, even after getting the emails, I have a month to log in and check before it expires.... so a decent safety net IMO
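The renewal schedule discussed above (a 3-month certificate renewed every two months, leaving a month of slack) can be watched independently of the renewal script and its emails. This is an added example, not part of the original thread; the function names, thresholds as constants, and the sample expiry date are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

CERT_LIFETIME_DAYS = 90  # "Every 3 months"
RENEW_AFTER_DAYS = 60    # "renew every two months"

def days_left(not_after, now):
    """Days until expiry; not_after uses the getpeercert() date format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).total_seconds() / 86400

def renewal_status(not_after, now):
    left = days_left(not_after, now)
    if left <= 0:
        return "EXPIRED"
    if left < CERT_LIFETIME_DAYS - RENEW_AFTER_DAYS:
        # Fewer than 30 days left means the scheduled renewal did not happen.
        return "RENEWAL_MISSED"
    return "OK"

def check_host(host, port=443, now=None):
    """Live check (needs network access). Returns (status, detail)."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An expired or otherwise invalid cert fails the handshake itself.
        return "INVALID", exc.verify_message
    return renewal_status(not_after, now), not_after

# Constructed sample: a 90-day certificate that expires on 10 May 2017.
SAMPLE_NOT_AFTER = "May 10 12:00:00 2017 GMT"

if __name__ == "__main__":
    for day in (datetime(2017, 3, 1, 12, tzinfo=timezone.utc),
                datetime(2017, 4, 20, 12, tzinfo=timezone.utc)):
        print(day.date(), renewal_status(SAMPLE_NOT_AFTER, day))
```

Run from cron on a machine other than the web server, `check_host` gives a warning that does not depend on the renewal job or the server's mail working.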

Rupert

Ok good idea.

Putting it on a staging server apparently. See how that goes. Still seems a small saving on what could be a high cost error.

JasonD

>Small saving

Agreed

>high cost error

Disagreed.... or rather I disagree that paying for the SSL certificate removes the error of it expiring. We had this last year and our SSL certificate expired. We didn't realise for a few hours, I was in Croatia and Richard was here in Blighty. Paying didn't stop the issue of a certificate expiring, and in actual fact if we'd have had Let's Encrypt and the automated renewal process set up, we'd never have had the problem... and saved a few bucks per year :)

Torben

For me it's not a matter of saving money. Let's Encrypt is simply easier to use.

ergophobe

Quote from: JasonD on February 06, 2017, 06:43:51 PM
I am using Webmin / Virtual Min, you click a button and it auto renews Let's encrypt every 2 months.

Ditto - Webmin/Virtualmin, 3-month cert set to renew every two months.

Quote from: Torben on February 06, 2017, 08:58:35 PM
For me it's not a matter of saving money. Lets Encrypt is simply easier to use

The price I was getting certs for at Namecheap was so low, it wasn't a factor. It's the convenience more than the price that finally has me converting low-value sites over to SSL.

Quote: Paying didn't stop the issue of a certificate expiring

Paying doesn't mean your cert won't go bad if a sysadmin at your host makes some change on a server that invalidates your cert (which happened to a client six months or so ago). But it did mean having to contact people, find out how to update and reinstall the cert (I forget the details, but it shouldn't have happened), and took the better part of a day to get it to stop showing a browser warning. In as much time as it took to craft the email saying something was wrong, we could have just issued a new cert with LetsEncrypt and been done with it.

Obviously, if you need Extended Verification and things like that, it's not a solution though.