All Products
Search
Document Center

Simple Application Server:Install an SSL certificate in a WordPress environment

Last Updated:Mar 20, 2024

If a domain name is bound to your simple application server, you can configure HTTPS access for the domain name. This way, you can convert the data transmission protocol from HTTP to HTTPS at a low cost, and perform authentication and encrypted data transmission of websites. This prevents data tampering and information leakage during data transmission. This topic describes how to install an SSL certificate on a simple application server and enable HTTPS access to the server. In this topic, a simple application server on which WordPress 5.8 is installed is used.

Prerequisites

  • A simple application server is created. For more information, see Build a WordPress blog.

  • A domain name is purchased. For more information, see Register a domain name on Alibaba Cloud.

  • If your simple application server is located within a region inside the Chinese mainland, you must obtain an Internet content provider (ICP) filing for the domain name that is bound to your simple application server. For more information, see What is an ICP filing?

  • The domain name is bound to the simple application server and is resolved. For more information, see Bind and resolve a domain name.

Background information

After you apply for and purchase a certificate and deploy the certificate to your web server by using Alibaba Cloud Certificate Management Service, the web service transfers data over HTTPS. If HTTPS is used, an encrypted channel over SSL is activated to transmit data from a client browser to the web server. This enables unidirectional encrypted transmission and prevents data in transmission from being tampered with or intercepted. HTTPS transmission is an essential feature of mobile apps, mini programs, programs, and controls to be published in App Stores or application ecosystems. HTTPS transmission provides the following benefits for websites:

  • Security compliance: HTTPS transmission allows websites to meet the requirements of App Stores or application ecosystems.

  • Encrypted transmission of network data: HTTPS transmission encrypts data communication between users and websites to prevent transmitted data from being intercepted, tampered with, and listened on, and ensure the security of transmitted data.

  • High website security: HTTPS transmission prevents phishing events. When a user visits the website, the browser prompts that the website is secure and trusted. This can improve the credibility, access traffic, and search ranking of the website.

Step 1: Purchase an SSL certificate

Purchase a certificate

  1. Access the Alibaba Cloud Certificates Service buy page.

  2. Select specifications for the certificate that you want to purchase based on your business requirements.

    The following table describes the parameters. For more information about the parameters, see Purchase SSL certificates.

    Parameter

    Description

    Brand

    Select a brand for the certificate. The brand is the certificate authority (CA) that issues certificates to you. In this topic, Digicert is selected.

    For more information about certificate brands, see Select an SSL certificate.

    Certificate Specifications

    Select a certificate type for the certificate. In this topic, OV SSL is selected.

    For more information about certificate types, see What is Certificate Management Service?

    Certificate Type

    Select the type of the domain name that you want to bind to your certificate. In this topic, Single Domain is selected.

    Domain Names

    Default value: 1.

    Quantity

    Default value: 1.

    Service Duration

    Select the validity period of the certificate service. In this topic, 1 Year is selected.

  3. Click Buy Now and complete the payment.

Submit a certificate application

  1. Log on to the Certificate Management Service console.

  2. On the Manage Certificates tab of the SSL Certificates page, select Pending Application from the All Statuses drop-down list.

    This operation queries all purchased certificate instances for which no certificate applications are submitted.

  3. Find the certificate instance for which you want to submit a certificate application and click Apply for Certificate in the Actions column.

  4. In the Apply for Certificate panel, configure the parameters.

    The parameters that are displayed vary based on certificate types. Follow the on-screen instructions to configure the parameters.

    For more information about the parameters, see Required information for certificate application.

  5. Submit your certificate application to the CA for review.

    After you configure the parameters, perform the following operations based on the type of the certificate that you want to apply for:

    • Domain validated (DV) certificate: Click Next, follow the on-screen instructions to complete the verification of domain name ownership, and then click Submit.

      For more information about how to verify domain name ownership, see Verify the ownership of a domain name.

    • Organization validated (OV) or extended validation (EV) certificate: Click Submit.

    After you submit your certificate application, the following message appears. Make sure that the phone calls from the CA are properly answered and check the verification email at the earliest opportunity. The CA sends the verification email to your contact email address.提交审核提示

    If you want to modify the application information after you submit the certificate application, you can cancel the application, modify the information, and submit the application again.

    Note

    In most cases, the CA completes review and issues the certificate within one to two business days after you submit an application for a DV certificate.

Step 2: Configure the SSL certificate

After the certificate is issued, the value of Status for the certificate changes to Issued. You must download and configure the certificate. For more information, see Installation overview.

  1. Download the SSL certificate.

    1. On the Manage Certificates tab of the SSL Certificates page, find the certificate that you want to download and click Download in the Actions column.

    2. In the Download Certificate panel, click Download in the column that corresponds to the server type to download the certificate file.

      Download the certificate that corresponds to the NGINX Web Server or Apache HTTP Server software that is installed in your WordPress server. In this topic, the Apache HTTP Server software is installed in WordPress 5.8. Select Apache for Server Type.

    3. Extract the downloaded package file of the Apache server certificate.

      After the package file is extracted, three files are displayed. For example, if the domain name is example.com, the following files are displayed:

      • example.com.key: the name of the SSL private key file.

      • example.com_chain.crt: the name of the certificate chain file.

      • example.com_public.crt: the name of the SSL public key file.

      addad

  2. Upload the SSL certificate.

    Use tools such as WinSCP to upload the extracted Apache certificate, certificate chain file, and private key file to the /data/cert directory. If the directory does not exist, you can create the directory.

  3. Configure the SSL certificate.

    1. Connect to the simple application server.

      For more information, see Connect to a Linux server.

    2. Run the following command to modify the configuration file vhost.conf:

      vim /etc/httpd/conf.d/vhost.conf
    3. Press the I key to enter the edit mode.

    4. Add the following sample code to the configuration file.

      Before you add the sample code, modify the following parameters in the code:

      • ServerName: the domain name, for example, example.com.

      • DocumentRoot: the application directory, for example, /data/wwwroot/wordpress.

      • Directory: the application directory, for example, /data/wwwroot/wordpress.

      • SSLCertificateFile: the path of the SSL public key file, for example, /data/cert/example.com_public.crt.

      • SSLCertificateKeyFile: the path of the SSL private key file, for example, /data/cert/example.com.key.

      • SSLCertificateChainFile: the path of the certificate chain file, for example, /data/cert/example.com_chain.crt.

      Important

      To ensure that websites can be accessed over HTTPS, you must correctly specify the paths of the certificate files.

      The following sample code provides an example of the content of the modified configuration file:

      #-----HTTPS template start------------
      <VirtualHost *:443>
      ServerName  example.com
      DocumentRoot "/data/wwwroot/wordpress"
      #ErrorLog "logs/example.com-error_log"
      #CustomLog "logs/example.com-access_log" common
      <Directory "/data/wwwroot/wordpress">
      Options Indexes FollowSymlinks
      AllowOverride All
      Require all granted
      </Directory>
      SSLEngine on
      SSLCertificateFile  /data/cert/example.com_public.crt
      SSLCertificateKeyFile  /data/cert/example.com.key
      SSLCertificateChainFile  /data/cert/example.com_chain.crt
      </VirtualHost>
      #-----HTTPS template end------------
    5. After you modify the configuration file, press the Esc key. Then, enter :wq! and press the Enter key to save the configuration file and exit the edit mode.

    6. Run the following command to restart the Apache service:

      systemctl restart httpd
    7. Run the following command to restart the database:

      service mysqld restart

Step 3: Check whether the SSL certificate is installed

  1. Specify the HTTPS domain name on WordPress.

    1. Log on to WordPress.

      For information about how to obtain the URL, and the username and password of the WordPress account, see the "Step 2: Configure the application" section in the Build a WordPress blog topic.

    2. In the left-side navigation pane, choose Settings > General.

    3. In the WordPress Address (URL) and Site Address (URL) fields, enter the domain name that is bound and resolved. In this topic, https://example.com is entered.adasd

    4. Click Save Changes.

  2. Use a browser to access https://<Domain name of the simple application server>.

    • If a lock icon appears in the address bar of the browser, the SSL certificate is installed.sda

    • If you cannot access the website over HTTPS, you can use the following methods to troubleshoot the issue:

      • Check whether port 443 of the simple application server on which you install the SSL certificate is enabled and is not blocked. For more information about how to allow port 443, see Manage the firewall of a server.

      • Check whether an ICP filing is obtained for the domain name. If the domain name is resolved to a website that is hosted on a server in the Chinese mainland, make sure that an ICP filing is obtained for the domain name. For more information, see What is an ICP filing?

      • Check whether the certificate path is correctly specified. Make sure that the paths in the configuration file are the same as the path that is used to upload the certificate. For more information, see the Configure the SSL certificate section in this topic.

References

Different types of servers support different formats of SSL certificates. You can install an SSL certificate based on the server type. For more information, see Installation overview.