RHEL/CentOS 7 w/ EPEL, Apache 2.4 Multi vHosts, PHP 5.6, MySQL 5.6/MariaDB 10, WordPress 4.6, LetsEncrypt/Certbot 0.9.
May need modifications for configurations that differ from the above.
1. Change Site Address in wp-admin
Go to https://$yourdomain.com/wp-admin and log in with admin credentials.
In Settings/General, change WordPress Address (URL) and Site Address (URL) to the new site/blog domain.
2. Change DNS Record
How to change a DNS record is out of scope for this tutorial; see your domain provider's instructions. One example:
https://www.godaddy.com/help/change-an-a-record-19239
3. Change Apache vHost Settings
sudo vi /etc/httpd/sites-available/$yoursite.conf
Change ServerName & ServerAlias for both http and https vHosts, make sure to include both $yourdomain and www.$yourdomain.
Save and quit, then sudo systemctl reload httpd
4. Get a new SSL Certificate
This step will be significantly different, or may not even be necessary, if you are using an SSL provider other than Let’s Encrypt. If so, check your SSL provider’s documentation for this step.
sudo certbot certonly --webroot -w /var/www/$your_site_directory -d $yourdomain -d www.$yourdomain
Be aware of the Let’s Encrypt rate limit: it was 5 certs/week/domain at the time this article was written.
If this step fails with
Failed authorization procedure … Error: The client lacks sufficient authorization
Check:
– DNS record settings for both $yourdomain and www.$yourdomain
– File permission of /var/www/$your_site_directory/.well-known/
– File permission of /var/www/$your_site_directory/.well-known/acme-challenge if it exists.
– File permission of key files under /var/www/$your_site_directory/.well-known/acme-challenge to make sure user Apache:Apache (or whichever user owns the Apache process, if different) has permission to read the key files.
The key files mentioned above are generated automatically by certbot and are deleted after the process, regardless of success or failure. Thus, to monitor their permissions during the process, launch a separate ssh session; watch 'ls -al /var/www/$your_site_directory/' will give you a 2~3 second window to observe what’s happening there.
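The permission checks listed above, as an added shell example that is not part of the original tutorial: it reads the owner/group/other mode bits on the webroot, .well-known and acme-challenge for a given user, so the directories can be checked without catching certbot's short-lived files. The function names are hypothetical, `apache` is assumed as the httpd user (the RHEL/CentOS default), and ACLs and SELinux contexts are not evaluated.

```sh
#!/bin/sh
# Added example: mode-bit check of the webroot challenge path for the Apache user.
# Limits: reads owner/group/other bits only; ACLs and SELinux are not evaluated.
# Requires GNU stat (the RHEL/CentOS default).

# can_access USER PATH BIT   (BIT: 4 = read, 1 = execute/traverse)
# Returns 0 if the class USER falls into (owner, group, other) has BIT set.
can_access() {
    ca_user=$1 ca_path=$2 ca_bit=$3
    ca_stat=$(stat -c '%a %U %G' "$ca_path") || return 2
    set -- $ca_stat                      # $1 = octal mode, $2 = owner, $3 = group
    ca_mode=$(( $1 % 1000 ))             # drop any setuid/setgid/sticky digit
    if [ "$2" = "$ca_user" ]; then
        ca_bits=$(( ca_mode / 100 ))
    elif id -Gn "$ca_user" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$3"; then
        ca_bits=$(( ca_mode / 10 % 10 ))
    else
        ca_bits=$(( ca_mode % 10 ))
    fi
    [ $(( ca_bits & ca_bit )) -ne 0 ]
}

# check_challenge_path USER WEBROOT
# Prints one "DENIED ..." line per problem; returns 0 only if none were found.
check_challenge_path() {
    cp_user=$1 cp_root=$2 cp_bad=0
    for cp_dir in "$cp_root" "$cp_root/.well-known" \
                  "$cp_root/.well-known/acme-challenge"; do
        [ -d "$cp_dir" ] || continue     # not created yet: nothing to check
        can_access "$cp_user" "$cp_dir" 1 ||
            { echo "DENIED dir $cp_dir"; cp_bad=1; }
    done
    for cp_file in "$cp_root/.well-known/acme-challenge"/*; do
        [ -f "$cp_file" ] || continue    # also skips the unexpanded glob
        can_access "$cp_user" "$cp_file" 4 ||
            { echo "DENIED file $cp_file"; cp_bad=1; }
    done
    [ "$cp_bad" -eq 0 ]
}

# Usage: sh check.sh apache /var/www/$your_site_directory
if [ $# -eq 2 ]; then check_challenge_path "$1" "$2"; fi
```

Directories only need the traverse bit for Apache to serve a file beneath them, so the script checks execute on directories and read on files.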
5. Disable the old SSL Certificate
The best practice is to keep a record of all certificates issued. Thus, we archive old certificates instead of deleting them.
sudo mv /etc/letsencrypt/live/$old /etc/letsencrypt/archive/live
– If this is the 1st time doing this, create archive/live directory first.
sudo mv /etc/letsencrypt/renewal/$old /etc/letsencrypt/archive/renewal
– If this is the 1st time doing this, create archive/renewal directory first.
6. Enable the new SSL Certificate
sudo vi /etc/httpd/sites-available/$yoursite.conf
Change:
– SSLCertificateFile to /etc/letsencrypt/live/$yourdomain/cert.pem
– SSLCertificateKeyFile to /etc/letsencrypt/live/$yourdomain/privkey.pem
– SSLCertificateChainFile to /etc/letsencrypt/live/$yourdomain/chain.pem
Save & quit, then sudo systemctl reload httpd
Done.