Install auto-renewable SSL certificate (WordPress instance)

---

A – Add backports to your sources.list

STEP 1:
Run sudo chmod 777 /etc/apt/sources.list.d/backports.list

STEP 2:
For jessie add this line:
deb http://ftp.debian.org/debian jessie-backports main
to your sources.list (or add a new file with the “.list” extension to /etc/apt/sources.list.d/) You can also find a list of other mirrors at https://www.debian.org/mirror/list

For stretch add this line
deb http://ftp.debian.org/debian stretch-backports main
to your sources.list (or add a new file with the “.list” extension to /etc/apt/sources.list.d/) You can also find a list of other mirrors at https://www.debian.org/mirror/list

STEP 3:
Run sudo chmod 644 /etc/apt/sources.list.d/backports.list

---

B – Create and install SSL certificate via SSH

STEP 4:
Run sudo apt-get install python-certbot-apache -t stretch-backports

Need to get 2,647 kB of archives.
After this operation, 12.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

STEP 5:
Run sudo certbot --authenticator webroot --installer apache

Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): admin@norzh.com

Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory
——————————————————————————-
(A)gree/(C)ancel: A

Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let’s Encrypt project and the non-profit organization that develops Certbot? We’d like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
——————————————————————————-
(Y)es/(N)o: Y

No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): lovetabi.fr, www.lovetabi.fr

Input the webroot for lovetabi.fr: (Enter ‘c’ to cancel): /var/www/html

Select the webroot for www.lovetabi.fr:
——————————————————————————-
1: Enter a new webroot
2: /var/www/html
——————————————————————————-
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

We were unable to find a vhost with a ServerName or Address of www.lovetabi.fr.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
——————————————————————————-
1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | lovetabi.fr | HTTPS | Enabled
——————————————————————————-
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
——————————————————————————-
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
——————————————————————————-
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

---

C – Automatically renew your SSL certificate

STEP 6:
sudo certbot renew –dry-run

---