Trellis now comes with automated Let’s Encrypt integration for free SSL certificates and the best HTTPS setup.
HTTPS is now more important than ever. Strong encryption through HTTPS creates a safer and more secure web while protecting your site’s users. Google even started using HTTPS as a positive ranking signal for SEO purposes.
Roots believes in security so we’ve always made SSL/HTTPS a priority in Trellis. Our implementation is designed to score an A+ on the Qualys SSL Labs Test.
In the past many people avoided going HTTPS for technical and convenience reasons:
- Certificates were expensive
- Annoying and complicated web-server configuration
- HTTPS sites were much slower than HTTP
Trellis already takes care of the second and third items for you. It makes it easy to quickly get certificates onto your server, and we automatically configure Nginx with best practices for both security and performance.
But that still leaves the most annoying part of HTTPS: buying and creating an SSL certificate and private key. That’s where Let’s Encrypt comes in.
Let’s Encrypt is a new Certificate Authority that’s free, automated, and open. Their goal is to make it possible for everyone to use HTTPS. I think it’s important to show their principles in full:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Now that Let’s Encrypt is in public beta, Trellis has added automated integration.
This means that by setting two variables in your WordPress site’s configuration, you will automatically get a real (and free) SSL certificate from Let’s Encrypt and Nginx configured with the best practices we’ve always had.
Your site config will look like this (simplified):
```yaml
# group_vars/production/wordpress_sites.yml
wordpress_sites:
  example.com:
    ssl:
      enabled: true
      provider: letsencrypt
    env:
      wp_home: https://example.com
      wp_siteurl: https://example.com/wp
```
We’ve introduced the concept of an SSL "provider". Trellis now supports three different kinds:
- self-signed is for development or internal servers only.
- manual is when you still want to manually supply a certificate and key file.
We strongly encourage everyone to use letsencrypt and turn SSL on. In the near future we will be making SSL via Let’s Encrypt the default in Trellis.
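A pre-deploy lint for the settings described above, as an added example that is not part of Trellis or the original post: it checks that each site's ssl block uses one of the three providers named here, that self-signed is not used for production, and that wp_home and wp_siteurl agree with the ssl setting. The function name `lint_ssl`, its environment argument and the sample sites are assumptions made for illustration.

```ruby
require 'yaml'

# Provider names as listed in this post.
PROVIDERS = %w[letsencrypt manual self-signed].freeze

# Hypothetical helper: lints the text of one environment's
# wordpress_sites.yml and returns an array of findings (empty when clean).
def lint_ssl(yaml_text, environment)
  findings = []
  YAML.safe_load(yaml_text).fetch('wordpress_sites', {}).each do |name, site|
    ssl = site['ssl'] || {}
    enabled = ssl['enabled'] == true
    provider = ssl['provider']
    findings << "#{name}: ssl is not enabled" unless enabled
    if enabled && !PROVIDERS.include?(provider)
      findings << "#{name}: unknown ssl provider #{provider.inspect}"
    elsif enabled && provider == 'self-signed' && environment == 'production'
      findings << "#{name}: self-signed certificate in production"
    end
    # wp_home and wp_siteurl should use the scheme the ssl setting implies.
    (site['env'] || {}).slice('wp_home', 'wp_siteurl').each do |key, url|
      https = url.to_s.start_with?('https://')
      findings << "#{name}: #{key} is not https but ssl is enabled" if enabled && !https
      findings << "#{name}: #{key} is https but ssl is disabled" if !enabled && https
    end
  end
  findings
end

# Constructed sample input: the first site mirrors the config shown in the
# post, the second is misconfigured on purpose.
SAMPLE = <<~YAML
  wordpress_sites:
    example.com:
      ssl: { enabled: true, provider: letsencrypt }
      env: { wp_home: "https://example.com", wp_siteurl: "https://example.com/wp" }
    shop.example.com:
      ssl: { enabled: true, provider: self-signed }
      env: { wp_home: "http://shop.example.com", wp_siteurl: "https://shop.example.com/wp" }
YAML

puts lint_ssl(SAMPLE, 'production')
```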
Now that you can get a free certificate and automated integration, there’s no reason not to switch to HTTPS.
See the full SSL docs for more details.