How to Install WordPress with Nginx and Let’s Encrypt SSL on Ubuntu

WordPress is a simple, popular, open-source, and free CMS (content management system) for creating modern websites. Today, WordPress powers nearly half of the websites worldwide. Hostman offers Wordpress cloud hosting with quick load times, robust security, and simplified management. 

However, having just a content management system is not enough. Modern websites require an SSL certificate, which provides encryption and allows using a secure HTTPS connection.

This short guide will show how to install WordPress on a cloud server, perform initial CMS configuration, and add an SSL certificate to the completed site, enabling users to access the website via HTTPS.

The Nginx web server will receive user requests and then proxied to WordPress for processing and generating response content.

A few additional components are also needed: a MySQL database, which serves as the primary data storage in WordPress, and PHP, which WordPress is written in.

This technology stack is known as LEMP: Linux, Nginx, MySQL, PHP.

Step 1. Creating the Server

First, you will need a cloud server with Ubuntu 22.04 installed.

1. Go to the Hostman control panel.
2. Select the Cloud servers tab on the left side of the control panel.
3. Click the Create button.

You’ll need to configure a range of parameters that ultimately determine the server rental cost. The most important of these parameters are:

• The operating system distribution and its version (in our case, Ubuntu 22.04).
• Data center location.
• Physical configuration.
• Server information.

Once all the data is filled in, click the Order button.

Upon completion of the server setup, you can view the IP address of the cloud server in the Dashboard tab, and also copy the command for connecting to the server via SSH along with the root password:

Next, open a terminal in your local operating system and connect via SSH with password authentication:

ssh root@server_ip

Replace server_ip with the IP address of your cloud server. You will then be prompted to enter the password, which you can either type manually or paste from the clipboard.

After connecting, the terminal will display information about the operating system. Now you can create a user with sudo priviliges or keep using root.

Step 2. Updating the System

Before beginning the WordPress installation, it’s important to update the list of repositories available through the APT package manager:

sudo apt update -y

It’s also a good idea to upgrade already installed packages to their latest versions:

sudo apt upgrade -y

Now, we can move on to downloading and installing the technology stack components required for running WordPress.

Step 3. Installing PHP

Let's download and install the PHP interpreter.

First, add a specialized repository that provides up-to-date versions of PHP:

sudo add-apt-repository ppa:ondrej/php

In this guide, we are using PHP version 8.3 in FPM mode (FastCGI Process Manager), along with an additional module to enable PHP’s interaction with MySQL:

sudo apt install php8.3-fpm php-mysql -y

The -y flag automatically answers “yes” to any prompts during the installation process.

To verify that PHP is now installed on the system, you can check its version:

php -v

The console output should look like this:

PHP 8.3.13 (cli) (built: Oct 30 2024 11:27:41) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.13, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies

You can also check the status of the FPM service:

sudo systemctl status php8.3-fpm

In the console output, you should see a green status indicator:

Active: active (running)

Step 4. Installing MySQL

The MySQL database is an essential component of WordPress, as it stores all site and user information for the CMS.

Installation

We’ll install the MySQL server package:

sudo apt install mysql-server -y

To verify the installation, check the database version:

mysql --version

If successful, the console output will look something like this:

mysql  Ver 8.0.39-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))

Also, ensure that the MySQL server is currently running by checking the database service status:

sudo systemctl status mysql

The console output should display a green status indicator:

Active: active (running)

MySQL Security

This step is optional in this guide, but it’s worth mentioning. After installing MySQL, you can configure the database’s security settings:

mysql_secure_installation

This command will prompt a series of questions in the terminal to help you configure the appropriate level of MySQL security.

Creating a Database

Next, prepare a dedicated database specifically for WordPress.

First, log in to MySQL:

mysql

Then, execute the following SQL command to create a database:

CREATE DATABASE wordpress_database;

You’ll also need a dedicated user for accessing this database:

CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'wordpress_password';

Grant this user the necessary access permissions:

GRANT ALL PRIVILEGES ON wordpress_database.* TO 'wordpress_user'@'localhost';

Finally, exit MySQL:

quit

Step 5. Downloading and Configuring Nginx

The Nginx web server will handle incoming HTTP requests from users and proxy them to PHP via the FastCGI interface.

Download and Installation

We’ll download and install the Nginx web server using APT:

sudo apt install nginx -y

Next, verify that Nginx is indeed running as a service:

systemctl status nginx

In the console output, you should see a green status indicator:

Active: active (running)

You can also check if the web server is functioning correctly by making an HTTP request through a browser. Enter the IP address of the remote server in the address bar, where you are installing Nginx. For example:

http://166.1.227.189

If everything is set up correctly, Nginx will display its default welcome page.

For good measure, let’s add Nginx to the system’s startup list (though this is typically done automatically during installation):

sudo systemctl enable nginx

Now, you can proceed to make adjustments to the web server configuration.

Configuration

In this example, we’ll slightly modify the default Nginx configuration. For this, we need a text editor. We will use nano.

sudo apt install nano

Now open the configuration file:

sudo nano /etc/nginx/sites-enabled/default

If you remove all the comments, the basic configuration will look like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

To this configuration, we’ll add the ability to proxy requests to PHP through FastCGI:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # added index.php to index files
    index index.html index.htm index.nginx-debian.html index.php;

    # specify the domain name to obtain an SSL certificate later
    server_name mydomain.com www.mydomain.com;

    location / {
        # try_files $uri $uri/ =404;

        # direct root requests to /index.php
        try_files $uri $uri/ /index.php?$args;
    }

    # forward all .php requests to PHP via FastCGI
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}

Note that the server_name parameter should contain the domain name, with DNS settings including an A record that directs to the configured server with Nginx.

Now, let’s check the configuration syntax for errors:

sudo nginx -t

If everything is correct, you’ll see a confirmation message in the console:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Then, reload the Nginx service to apply the new configuration:

sudo systemctl reload nginx

Step 6. Installing an SSL Certificate

To obtain an SSL certificate from Let’s Encrypt, we’ll use a special utility called Certbot. In this guide, Certbot will automate several tasks:

• Request the SSL certificate.
• Create an additional Nginx configuration file.
• Edit the existing Nginx configuration file (which currently describes the HTTP server setup).
• Restart Nginx to apply the changes.

Obtaining the Certificate

Like other packages, install Certbot via APT:

sudo apt install certbot
sudo apt install python3-certbot-nginx

The first command installs Certbot, and the second adds a Python module for Certbot’s integration with Nginx. Alternatively, you can install python3-certbot-nginx directly, which will automatically include Certbot as a dependency:

sudo apt install python3-certbot-nginx -y

Now, let’s initiate the process to obtain and install the SSL certificate:

sudo certbot --nginx

First, Certbot will prompt you to register with Let’s Encrypt. You’ll need to provide an email address, agree to the Terms of Service, and optionally opt-in for email updates (you may decline this if desired).

Then, enter the list of domain names, separated by commas or spaces, for which the certificate should be issued. Specify the exact domain names that are listed in the Nginx configuration file under the server_name directive:

• mydomain.com
• www.mydomain.com

After the certificate is issued, Certbot will automatically configure it by adding the necessary SSL settings to the Nginx configuration file:

listen 443 ssl; # managed by Certbot

# RSA certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

# Redirect non-https traffic to https
if ($scheme != "https") {
	return 301 https://$host$request_uri;
} # managed by Certbot

So, the complete Nginx configuration file will look as follows:

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	listen 443 ssl; # managed by Certbot

	# RSA certificate
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

	root /var/www/html;

	index index.html index.htm index.nginx-debian.html index.php;

	server_name domain.com www.domain.com;

	# Redirect non-https traffic to https
	if ($scheme != "https") {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	location / {
		# try_files $uri $uri/ =404;

		# direct root requests to /index.php
		try_files $uri $uri/ /index.php?$args;
	}

	# forward all .php requests to PHP via FastCGI
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php8.3-fpm.sock;
	}
}

Automatic Certificate Renewal

Let’s Encrypt certificates expire every 90 days, so they need to be renewed regularly. Instead of manually renewing them, you can set up an automated task.

For this purpose, we’ll use Crontab, a scheduling tool in Unix-based systems that uses a specific syntax to define when commands should run.

Install Crontab:

sudo apt install cron

And enable it:

sudo systemctl enable cron

Now open the Crontab file:

crontab -e

Add the following line to schedule the Certbot renewal command:

0 12 * * * /usr/bin/certbot renew --quiet

In this configuration:

• The command runs at noon (12:00) every day.
• Certbot will check the certificate’s expiration status and renew it if necessary.
• The --quiet flag ensures that Certbot runs silently without generating output.

Step 7. Downloading WordPress

In this guide, we’ll use WordPress version 6.5.3, which can be downloaded from the official website:

wget https://wordpress.org/wordpress-6.5.3.tar.gz

Once downloaded, unpack the WordPress archive:

tar -xvf wordpress-*.tar.gz

After unpacking, you can delete the archive file:

rm wordpress-*.tar.gz

This will create a wordpress folder containing the WordPress files.

Most core files are organized in the wp-content, wp-includes, and wp-admin directories. The main entry point for WordPress is index.php.

Moving WordPress Files to the Web Server Directory

You need to copy all files from the wordpress folder to the web server’s root directory (/var/www/html/) so that Nginx can serve the PHP-generated content based on user HTTP requests.

Clear the existing web server directory (as it currently contains only the default Nginx welcome page, which we no longer need):

rm /var/www/html/*

Copy WordPress files to the web server directory:

cp -R wordpress/* /var/www/html/

The -R flag enables recursive copying of files and folders.

Set ownership and permissions. Ensure that Nginx can access and modify these files by setting the www-data user and group ownership, as well as appropriate permissions, for the WordPress directory:

sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

This allows Nginx to read, write, and modify WordPress files as needed, avoiding permission errors during the WordPress installation process.

Step 8. Configuring WordPress

WordPress configuration is managed through an intuitive web-based admin panel. No programming knowledge is necessary, though familiarity with languages like JavaScript, PHP, HTML, and CSS can be helpful for creating or customizing themes and plugins.

Accessing the Admin Panel

Open a web browser and go to the website using the domain specified in the Nginx configuration, such as:

https://mydomain.com

If all components were correctly set up, you should be redirected to WordPress’s initial configuration page:

https://mydomain.com/wp-admin/setup-config.php

1. Select Language: Choose your preferred language and click Continue.

2. Database Configuration: WordPress will prompt you to enter database details. Click Let’s go! and provide the following information:

• Database Name: wordpress_database (from the previous setup)

• Database Username: wordpress_user

• Database Password: wordpress_password

• Database Host: localhost

• Table Prefix: wp_ (or leave as default)

3. Click Submit. If the credentials are correct, WordPress will confirm access to the database.

4. Run Installation: Click Run the installation. WordPress will then guide you to enter site and admin details:

• Site Title

• Admin Username

• Admin Password

• Admin Email

• Option to discourage search engine indexing (recommended for development/testing sites)

5. Install WordPress: Click Install WordPress. After installation, you’ll be prompted to log in with the admin username and password you created.

Accessing the Dashboard

Once logged in, you'll see the WordPress Dashboard, which contains customizable widgets. The main menu on the left allows access to core WordPress functions, including:

• Posts and Pages for content creation

• Comments for moderating discussions

• Media for managing images and files

• Themes and Plugins for design and functionality

• Users for managing site members and roles

Your WordPress site is now fully configured, and you can begin customizing and adding content as needed.

Conclusion

This guide showed how to install WordPress along with all its dependencies and how to connect a domain and add a SSL certificate from Let’s Encrypt to an already functioning website, enabling secure HTTPS connections with the remote server.

The key dependencies required for WordPress to function include:

• PHP: The scripting language WordPress is written in.

• MySQL: The database system used by WordPress to store content and user data.

• Nginx (or Apache in other implementations): The web server that processes user requests initially.

For more detailed information on managing site content through the WordPress admin panel, as well as creating custom themes and plugins, refer to the official WordPress documentation.