Now Over HTTPS Courtesy of Lightningbase & Let’s Encrypt

It wasn’t that long ago that I reminded you of how much I admire Lightningbase. Here’s just one more reason why these guys rock. Lightningbase has recently made it very easy to deploy SSL for WordPress sites by integrating Let’s Encrypt.

Lightningbase founder Chris Piepho announced the effort in a blog post. Since I’ve wanted to use SSL for a while, but not had the time to work through the details, I took the new offer as a sign that I should go ahead with the implementation.

I must say that I was floored by how easy this was! The entire process of getting this domain running on SSL took me less than 15 minutes.

Here’s what I did to make it happen:

  1. Logged into Lightningbase support and used the CPanel option to get the certificate. In just a minute or two I was informed that it was installed and Apache was restarting in the background.
  2. I then altered the root addresses of the WordPress installation to https:
  3. Next, I used the Better Search & Replace plug-in to modify the Posts table of the database. I changed all existing instances of http://www.mgraves.org to https://www.mgraves.org
  4. Finally, I wiped the contents of WP Super Cache and forced it to pre-load anew

Chris describes his integration with Let’s Encrypt as “in beta” in part because Let’s Encrypt describes themselves as such. The certificates only last 90 days. Messaging I saw during the setup indicated that the system will try to automatically renew the certificate 30 days before it expires. It’ll be interesting to see if that happens transparently.

If Let’s Encrypt can make using SSL this easy for most people, we should see widespread adoption even in the most casual of circumstances. It was just too easy not to do it right away.

  • Media Watcher

    Bummer. I read your blog on my blackberry Q10 and Blackberry has not yet pushed down a new root certificate that includes the Let’s Encrypt root certificate. Maybe you want to allow connections over both SSL and non SSL until the world has caught up.

    https://community.letsencrypt.org/t/inclusion-of-isrg-root/9002/5

    • mjgraves

      Interesting. I’ll look into that.

    • mjgraves

      Let’s hope that Blackberry gets it together with respect to the root certificate. I asked the host about allowing both http and https, but the sad fact is that it’s not simple to do. There root of the site must be one or the other. Further, the links contained into the database are explicit. A hack to the .htaccess file might help, but it would still throw an error at first connection.

      Looking at the logs it seems that BB readers represent just 0.13% of readers. On that basis, I respectfully submit that it’s not really a big deal.