How to install a SSL Certificate for a Wordpress website hosted in a Google Cloud Platform instance?

Question

I just received a zip file containing the mydomain.crt and mydomain.ca-bundle files. I would like to know how to install the certificate for a WordPress website hosted in a Google Cloud Platform instance. I have the instance configured with the common Bitnami software ( Apache 2.4.25, MySQL 5.7.18, OpenSSL 1.0.2k, PHP 7.0.18, phpMyAdmin 4.7.0, SQLite 3.7.15.1, Varnish 4.1.0, WordPress 4.8). I found plugins available from WordPress such as Really Simple SSL or Cloudflare, but I would like to avoid the use of plugins. Thanks.

Answer 1

You want to follow apache instructions on installing SSL cert onto your website. Meaning, you will need to install the certificate by generating the keys and restarting your server. Being on the cloud or being on a hosted server that's not on the cloud shouldn't matter, it's a web server although you have to make sure port :443 is in your security firewall is allowed otherwise you're https request will change.

Once you've done that, and the installation is successful, you should see a lock next to the https request with the domain information you gave when you installed the ssl certificate. Let us know what kind of problems you ran into, otherwise you should be good to go. You may need to change all your referencing urls that is http to https with mysql search and replace query afterwards.

Answer 2

I found all the required information in this page Bitnami WordPress for Google Cloud Platform . Once you have your certificate generated (self-signed or from an official Certificate Authority), which usually contains 2 files (yourdomian.crt and yourdomian.ca-bundle), the simplest procedure is:

1. Upload those two files to /opt/bitnami/apache2/conf
2. If it is a fresh install, in that folder you should have the server.key, server.crt and server-ca.crt original files. Make a backup of them and delete them, or just rename them like server_b.key, server_b.crt and server-ca_b.crt
3. Rename yourdomian.crt to server.crt and yourdomian.ca-bundle to server-ca.crt
4. In the same folder /opt/bitnami/apache2/conf place a copy of the key used to generate the certificate signing request (CSR), and rename the key to server.key
5. Open the configuration file with sudo nano/opt/bitnami/apache2/conf/bitnami/bitnami.conf if you are not root.
6. To the section add SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt" if using Apache v2.4.8+, or SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt" if using Apache < v2.4.8 and save the changes
7. Make your files only readable by root with sudo chown root:root /opt/bitnami/apache2/conf/server* and sudo chmod 600 /opt/bitnami/apache2/conf/server*
8. Restart apache with sudo /opt/bitnami/ctlscript.sh restart apache

That worked for me to have a Certificate Authority (CA) produced SSL certificate working for my WordPress site, hosted in a Google Cloud VM without installing any third party plugins. As @unixmiah pointed out, do not forget to open port 443 in the server firewall.