Install SSL certificate for WordPress on Nginx in CentOS 7

Goal

We want to install a free Let’s Encrypt SSL certificate for the WordPress site example.com (replace example.com throughout this tutorial with your own domain). The web server is Nginx and the site is hosted on CentOS 7.

Preparation

There are a few steps to complete before you can install an SSL certificate on the website:

  1. Install the certbot client (software that obtains and renews SSL certificates)
  2. Obtain an SSL certificate using the certbot client
  3. Set up automatic SSL certificate renewal

All of this is explained in the previous guide (you can follow these steps no matter which web server you plan to use).

Installation

This is not part of the tutorial, but it’s best to keep a separate configuration file for every website (in our case example.com.conf). You can put these files in the /etc/nginx/conf.d/ folder and they will be added to the Nginx configuration automatically (an Nginx reload is needed after every change).

I’ll assume that the default Nginx configuration file for single WordPress installations is being used. That’s the default setup for my sites.

These three lines should be placed in the server block in example.com.conf:

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Test the Nginx configuration and, if there are no errors, reload it:
nginx -t
systemctl reload nginx

The SSL certificate for the website example.com (and www.example.com) is now installed.

Redirection

In many cases you want to redirect HTTP to HTTPS (if you don’t want this, skip this section). You can do this by removing or commenting out the line:

listen 80;

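and adding these lines to example.com.conf ($server_name expands to the first name listed in server_name, so both hostnames are redirected to https://example.com):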

server {
	listen 80;
	server_name example.com www.example.com;
	return 301 https://$server_name$request_uri;
}

End Result

The complete file example.com.conf should look like this:

upstream php {
	server unix:/tmp/php-cgi.socket;
	server 127.0.0.1:9000;
}

server {
	listen 80;
	server_name example.com www.example.com;
	return 301 https://$server_name$request_uri;
}

server {
	#SSL code
	listen 443 ssl http2;
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

	#listen   80;
	root /path/to/website/folder;
	index index.php;
	server_name example.com www.example.com;
				
	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location / {
		# This is cool because no php is touched for static content.
		# include the "?$args" part so non-default permalinks don't break when using query strings
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
		#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
		include fastcgi.conf;
		fastcgi_intercept_errors on;
		fastcgi_pass php;
	}

	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
		expires max;
		log_not_found off;
	}
}
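
The finished file can be checked statically before it is reloaded. The script below is an added example, not part of the original guide: audit_conf is a hypothetical helper that reads a per-site file such as example.com.conf and confirms that the 443 block has both certificate directives, that no block still answers on port 80 next to 443, and that the port 80 block only redirects. It assumes one directive per line and no braces inside location regexes.

```shell
#!/bin/sh
# Added example (not from the original guide): static audit of a per-site
# Nginx file such as /etc/nginx/conf.d/example.com.conf. Prints one finding
# per line; returns non-zero if the HTTP-to-HTTPS setup is incomplete.
# Assumption: one directive per line, no braces inside location regexes.
audit_conf() {
    awk '
    function finish() {                       # judge one closed server block
        if (has443 && !(cert != "" && key != "")) {
            print "FAIL: 443 block lacks ssl_certificate or ssl_certificate_key"; bad = 1
        } else if (has443) {
            print "OK: TLS block uses " cert; tls = 1
        }
        if (has443 && has80) {
            print "FAIL: block still answers on port 80 next to 443"; bad = 1
        }
        if (has80 && !has443) {
            if (redir) print "OK: port 80 block redirects to HTTPS"
            else { print "FAIL: port 80 block has no HTTPS redirect"; bad = 1 }
        }
    }
    { sub(/#.*/, "") }                        # commented-out directives do not count
    depth == 0 && $1 == "server" && $2 == "{" {
        in_server = 1; has443 = has80 = redir = 0; cert = key = ""
    }
    in_server && $1 == "listen" {
        port = $2; sub(/;$/, "", port); sub(/.*:/, "", port)
        if (port == "443" && $0 ~ /ssl/) has443 = 1
        if (port == "80") has80 = 1
    }
    in_server && $1 == "ssl_certificate"     { cert = $2; sub(/;$/, "", cert) }
    in_server && $1 == "ssl_certificate_key" { key = $2;  sub(/;$/, "", key) }
    in_server && $1 == "return" && $2 ~ /^30[1278]$/ && $3 ~ /^https:/ { redir = 1 }
    {
        # track brace depth so nested location blocks stay inside their server block
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (in_server && depth == 0) { finish(); in_server = 0 }
    }
    END {
        if (!tls) { print "FAIL: no usable TLS server block found"; bad = 1 }
        exit bad + 0
    }' "$1"
}
```

Run it as audit_conf /etc/nginx/conf.d/example.com.conf; it complements nginx -t, which checks syntax but not whether plain HTTP is still being served.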

Don’t forget to test the configuration and reload the service:
nginx -t
systemctl reload nginx

That’s all that is needed to install an SSL certificate on a WordPress site and optionally perform HTTP to HTTPS redirection.