Installing WordPress on Linux Ubuntu Server 20.04 LTS with NGINX and Let's Encrypt SSL

Today we will be taking a look at how we can install WordPress on the latest Ubuntu Server 20.04 LTS. This guide will also work on Ubuntu Server 18.04 LTS.

Here is a quick summary of what we will complete by the end of the article

1) Connecting to the Server using SSH
2) Installing NGINX
3) Installing and Configuring MariaDB
5) Installing PHP and its related Modules
6) Installing Wordpress
7) Installing and configure Free SSL Cert (Let's Encrypt)
8) Automate SSL Cert Renewal (Every 3 months)

Establishing a connection to the Server

I will be using PuTTY for today's guide.
You can download the file at

1) Launch PuTTY and enter the server's IP address or FQDN (ensure that you have updated your DNS records)

2) Press Yes

3) Login with your Username and ID

Installing NGINX

1) To install NGINX run the command

sudo apt update
sudo apt -y install nginx 

2) Enter the following command to ensure that Nginx Service starts automatically after a reboot

sudo systemctl stop nginx.service
sudo systemctl start nginx.service
sudo systemctl enable nginx.service 

3) On your web Browser, navigate to your server IP or FQDN

Installing MariaDB Server

1) run the following command to install MariaDB Server

sudo apt-get -y install mariadb-server mariadb-client 

2) Enter the following command to ensure that MariaDB Service starts automatically after a reboot

sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

3) Run the command to perfrom a secure install for MariaDB

sudo mysql_secure_installation

4) Enter the following settings

Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

5) To test if the setup is successful, run the command

sudo mysql -u root -p 

6) Press Ctrl + C to terminate the session

1) Enter the following command

sudo apt-get -y install software-properties-common
sudo add-apt-repository ppa:ondrej/php 

Note : Press [Enter] when prompted

2) Run the command to refresh the repository

sudo apt update 

3) Install the modules by running the commands

sudo apt -y install php7.2-fpm php7.2-common php7.2-mysql php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-gd php7.2-xml php7.2-cli php7.2-zip 

4) Edit the php.ini file by runnning

sudo nano /etc/php/7.2/fpm/php.ini

5) Change/Update the following lines

file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
cgi.fix_pathinfo = 0
upload_max_filesize = 150M
max_execution_time = 360
date.timezone = Asia/Singapore 

Note : If line has ; in front of the setting, remove it.

You can search for the words by pressing CTRL+W

6) Once completed, Press the following Key, CTRL + X
    Followed by Y

7) Press Enter

8) Restart the ngix services

sudo systemctl restart nginx.service 

Create WordPress Database

1) Logon to MariaDB and enter the password

sudo mysql -u root -p 

2) Create a database

CREATE DATABASE wordpressdb;

3) Create a DB user

CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY '%YOURPASSWORD%'; 

4) Grant wordpressuser full access to the database

GRANT ALL ON wordpressdb.* TO 'wordpressuser'@'localhost' IDENTIFIED BY '%YOURPASSWORD%' WITH GRANT OPTION; 

5) Flush Privileges and Exit the command


Installing Wordpress

1) To install wordpress, Run the command

cd /tmp
tar -xvzf latest.tar.gz
sudo mv wordpress /var/www/html/%YOURSITENAME%

Note: Change %YOURSITENAME% to your website address (e.g

2) Give permissions to folders

sudo chown -R www-data:www-data /var/www/html/%YOURSITENAME%/
sudo chmod -R 755 /var/www/html/%YOURSITENAME%/ 

Note: Change %YOURSITENAME% to your website address (e.g

Configure NGINX

1) Run the command

sudo nano /etc/nginx/sites-available/%YOURSITENAME%

2) Copy and Paste the entire content and Exit (CTRL + X , Y , ENTER)

server {
    listen 80;
    listen [::]:80;

    server_name  %YOURSITENAME% www.%YOURSITENAME%;
    root   /var/www/html/%YOURSITENAME%;
    index  index.php;
    access_log /var/log/nginx/%YOURSITENAME%.access.log;
    error_log /var/log/nginx/%YOURSITENAME%.error.log;

    client_max_body_size 100M;
    autoindex off;

    location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ .php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;

Note : Change %YOURSITENAME% to your website address (e.g
           Remove www if its not in use

Install and configure Let's Encrypt

1) Install Certbot

sudo apt -y install certbot

2) Create .well-known fodler and grant access to ngix

sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt 

3) Enter the command

sudo nano /etc/nginx/snippets/well-known 

4) Paste the following content, save and exit the file ( CTRL + X, Y , ENTER)

location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;

Obtaining the SSL Cert (Let's Encrypt)

1) Run the following command

sudo nano /etc/nginx/sites-available/%YOURSITENAME%

2) Add the following line, Save and exit the file

include snippets/well-known;

3) Run the following commands

sudo ln -s /etc/nginx/sites-available/%YOURSITENAME% /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service 

4) Run the following command to generate the cert

sudo certbot certonly --agree-tos --email %YOUREMAILADDRESS% --webroot -w /var/lib/letsencrypt/ -d %YOURSITENAME% -d www.%YOURSITENAME%

Note: Replace the following
%YOUREMAILADDRESS% - Your personal email address
%YOURSITENAME% - Your website URL
Remove -d www.%YOURSITENAME% if it is not in use

5) Select N for the prompt below

6) Once successful, Generate a DH Key
    (Note: this may take some time to complete)

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 

7) Open %YOURSITENAME% config file

sudo nano /etc/nginx/sites-available/%YOURSITENAME%

8) Replace the the file with the following content

Note :

a) change %YOURSITENAME% with your URL,

b) To quickly remove the contents in the file Press and Hold CTRL + K

server {
    listen 80;
    server_name %YOURSITENAME% www.%YOURSITENAME%;
    include snippets/well-known;
    return 301 https://$host$request_uri;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name %YOURSITENAME% www.%YOURSITENAME%;
    root /var/www/html/%YOURSITENAME%;
    index index.php index.htm index.html;

    if ($host != "%YOURSITENAME%") {
           return 301 https://%YOURSITENAME%$request_uri;
    include snippets/well-known;
    ssl_certificate /etc/letsencrypt/live/%YOURSITENAME%/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/%YOURSITENAME%/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/%YOURSITENAME%/chain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 30s;
    access_log /var/log/nginx/%YOURSITENAME%.access.log;
    error_log /var/log/nginx/%YOURSITENAME%.error.log;

    client_max_body_size 100M;
    autoindex off;

    location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ .php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;

9) Restart Ngix Service

sudo systemctl restart nginx

Automate SSL Cert Renewal

1) Run the following command

sudo crontab -e 

2) Select 1

3) Add the lines at the end of the file, Save and Exit the once it is done

0 1 * * * /usr/bin/certbot renew & > /dev/null 

Note : Cron job will attempt to renew the cert 30 Days before expiring

4) Run the following commands

sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default
sudo systemctl restart nginx 

Finally, its time to completed the WordPress Setup, you can close the puTTY window at this point in time

Completing WordPress Setup

1) Open your Browser and navigate to your website
2) Select your prefered langauge, Click Continue

3) Click on Let's go!

4) Enter the required information
Database Name : wordpressdb
Username : wordpressuser

Leave the rest default

5) Click on Run the installation

6) Key in your site information, your username and your email address. Take note of your password, Click on Install Wordpress when completed


Password - if you prefer to use your own password, highlight the password field and enter your own password. If your password is weak, you can check on the Confirm use of weak password box to continue. It is not advisable to use a weak password to prevent any unauthorized access

Search Engine Visibility - You can prevent Search engine from indexing your site until it is ready by checking the box

And your WordPress site is complete! Click Log in to start setting up your website!