search

circle-chevron-rightHow to Install WordPress with SSL on Debian 12

hashtag
Prerequisites

  1. A server with Debian 12 OS

  2. User privileges: root or non-root user with sudo privileges (no sudo before commands)

hashtag
Step 1: Update the system

Before we start with LAMP installation, we need to update the system packages to the latest versions available.

hashtag
Step 2: Install Apache Web Server

We will start with the Apache web server from the LAMP stack first. To install the Apache Web server execute the following command.

Once installed, start and enable the service.

Check if the service is up and running.

chevron-rightYou should receive the following outputhashtag

apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled) Active: active (running) since Wed 2025-03-26 07:09:32 UTC; 32min ago Docs: https://httpd.apache.org/docs/2.4/ Main PID: 43425 (apache2) Tasks: 7 (limit: 4531) Memory: 16.5M CPU: 310ms CGroup: /system.slice/apache2.service

hashtag
Step 3: Install PHP with dependencies

Next, we will install PHP and unzip for later use.

Check the installed PHP version.

chevron-rightYou should get the following outputhashtag

PHP 8.2.28 (cli) (built: Mar 13 2025 18:21:38) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.28, Copyright (c) Zend Technologies with Zend OPcache v8.2.28, Copyright (c), by Zend Technologies

hashtag
Step 4: Install the MariaDB database server

The last of the LAMP stack is the MariaDB database server. Install, enable and start the service, and check the status with this command:

chevron-rightYou should receive the following outputhashtag

mariadb.service - MariaDB 10.11.11 database server Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled) Active: active (running) since Wed 2025-03-26 07:14:59 UTC; 38min ago Docs: man:mariadbd(8) https://mariadb.com/kb/en/library/systemd/ Main PID: 45352 (mariadbd) Status: "Taking your SQL requests now..." Tasks: 9 (limit: 29909) Memory: 201.7M CPU: 1.350s CGroup: /system.slice/mariadb.service

hashtag
Step 5: Create a WordPress database and user

Next, we need to create a WordPress database, the WordPress user, and grant the permissions for that user to the database.

Remember to save the credentials for the “wpuser” as you may need it in the future Please be aware that this WordPress user has nothing to do with the actual WP admin user and is only used for backend administration.

hashtag
Step 6. Download and Install WordPress

Before we install WordPress, we first need to download it in the default Apache document root.

Next command sets the correct ownership and permissions for the WordPress files and directories. It assigns www-data ownership, then applies 755 permissions for directories and 644 for files.

hashtag
Step 7. Configure WordPress

Rename the sample configuration file and open it for editing.

chevron-rightDefault should look similar to thishashtag

// ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'wordpress' );

/** Database username */ define( 'DB_USER', 'wordpress' );

/** Database password */ define( 'DB_PASSWORD', 'YourStrongPasswordHere' );

chevron-rightChange it to thishashtag

// ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'wpdatabase' );

/** Database username */ define( 'DB_USER', 'wpuser' );

/** Database password */ define( 'DB_PASSWORD', 'YourStrongPasswordHere' );

hashtag
Step 8: Create Apache Virtual Host File

Navigate to the Apache configuration directory and create/open wordpress.conf for editing.

Paste the following lines of code, save the file and close it.

Enables the Apache rewrite module and the WordPress site configuration.

Check the syntax.

chevron-rightYou should receive the following outputhashtag

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK

Reload the Apache configuration, restart the service, and check its status.

Once the Apache service is restarted, you can finish your WordPress installation at http://yourdomain.com.

hashtag
Step 9: Setup SSL certificate for the domain

If you want to present your domain without the “Not secure” warning, you need to pull a SSL certificate. Let's Encrypt is a Certificate Authority that provides free TLS certificates, making it easy for websites to enable HTTPS encryption and create a more secure Internet for everyone. Let's Encrypt is a project of the nonprofit Internet Security Research Group.

Install Certbot and Dependencies Certbot is the recommended tool for obtaining and renewing SSL certificates from Let’s Encrypt. First, install Certbot and the Apache plugin.

Obtain the SSL Certificate Now, let’s obtain and install the SSL certificate for your domain.

chevron-rightThis initiates the certificate setuphashtag

Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): youremail@gmail.com

Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must agree in order to register with the ACME server. Do you agree?

(Y)es/(N)o: Y

Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: N Account registered. Requesting a certificate for yourdomain.com

Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem This certificate expires on 2025-06-24. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate Successfully deployed certificate for greendata.dk to /etc/apache2/sites-available/wordpress-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://yourdomain.com

If you like Certbot, please consider supporting our work by:

  • Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate

  • Donating to EFF: https://eff.org/donate-le

Test SSL Installation After the process is complete, test the SSL setup by visiting your domain with https://yourdomain.com

Certbot automatically sets up a cron job for renewing your certificate. However, you can verify this.

chevron-rightThis will show a list of timershashtag

Alternatively, you can manually test the renewal process.

chevron-rightThis shows the simulated renewal processhashtag

root@site:/var/www/html/wordpress# sudo certbot renew --dry-run Saving debug log to /var/log/letsencrypt/letsencrypt.log --------------------------------------------------------------------------------------------------

Processing /etc/letsencrypt/renewal/yourdomain.com.conf --------------------------------------------------------------------------------------------------

Account registered. Simulating renewal of an existing certificate for yourdomain.com --------------------------------------------------------------------------------------------------

Congratulations, all simulated renewals succeeded: /etc/letsencrypt/live/yourdomain.com/fullchain.pem (success) --------------------------------------------------------------------------------------------------

hashtag
Step 10: Troubleshooting

If there’s an issue with the SSL certificate, check Apache’s error logs.

PreviousGreenData GuidesNextMy Linux Debian notes

Last updated