Deploying a WordPress website doesn’t have to be manual or repetitive. By combining AWS EC2, Ansible, and the LEMP stack (Linux, Nginx, MySQL, PHP), you can automate the entire process — from server provisioning to SSL configuration — in one smooth run.
In this guide, I’ll walk you through how I built an automated WordPress deployment with Let’s Encrypt SSL, running on an Ubuntu 24.10 EC2 instance, all managed through Ansible playbooks.
What We’ll Cover
- Understanding the LEMP stack architecture
- Setting up AWS EC2 for automation
- Creating Ansible playbooks and roles
- Automating WordPress installation and SSL setup
- Troubleshooting common deployment issues
Project Overview
This project automates WordPress deployment on AWS using Ansible. It installs and configures:
- Linux (Ubuntu 24.10)
- Nginx as the web server
- MySQL for the database
- PHP for dynamic content
- Let’s Encrypt SSL for HTTPS security
You’ll end up with a fully operational WordPress site, protected by firewall rules and accessible securely via HTTPS.
Folder Structure
automated_wordpress_lemp_ssl_setup/
├── inventory
├── main-playbook.yaml
├── roles/
│   ├── common/
│   │   └── tasks/main.yaml
│   ├── firewall/
│   │   └── tasks/main.yaml
│   ├── lemp/
│   │   └── tasks/main.yaml
│   ├── wordpress/
│   │   └── tasks/main.yaml
│   ├── ssl/
│   │   └── tasks/main.yaml
│   └── nginx/
│       ├── tasks/main.yaml
│       ├── handlers/main.yaml
│       └── templates/wordpress_nginx.conf.j2
Tools & Technologies
- OS ---> Ubuntu 24.10 (AWS EC2)
- Web Server ---> Nginx
- Database ---> MySQL
- Language ---> PHP
- CMS ---> WordPress
- Automation ---> Ansible
- SSL ---> Let’s Encrypt (Certbot)
Role Descriptions
- common → Updates and upgrades all system packages
- firewall → Enables UFW and allows ports 22 (SSH), 80 (HTTP), 443 (HTTPS)
- lemp → Installs Nginx, MySQL, PHP, and extensions
- wordpress → Downloads WordPress, configures database and user
- nginx → Configures Nginx for WordPress and reloads on change
- ssl → Obtains Let’s Encrypt SSL certificate and sets HTTPS redirection
SSL Configuration
Once the domain (e.g., mywordpressite.zapto.org) is mapped to your EC2 public IP, Certbot automatically generates an SSL certificate and configures HTTPS redirection.
💡 Tip: Always ensure ports 80 and 443 are open in both AWS Security Group and UFW.
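As an added example (not the project's own roles/ssl/tasks/main.yaml), here is one way to write the ssl role so that it refuses to call Certbot until the domain resolves to the instance, then confirms the redirect afterwards. The variable names `ssl_domain` and `ssl_email` are assumptions, and the DNS comparison assumes the inventory lists the EC2 public IP as the host, as this guide's inventory does.

```yaml
# Added example, not the project's roles/ssl/tasks/main.yaml.
# ssl_domain and ssl_email are assumed variable names (e.g. set in role vars).

- name: Resolve the domain's IPv4 addresses from the target host
  ansible.builtin.command: "getent ahostsv4 {{ ssl_domain }}"
  register: dns_lookup
  changed_when: false
  failed_when: false   # a failed lookup is reported by the assert below

- name: Refuse to run Certbot until the A record points at this instance
  ansible.builtin.assert:
    that:
      - dns_lookup.rc == 0
      # Assumes the inventory host entry is the EC2 public IP
      - inventory_hostname in (dns_lookup.stdout_lines | map('split') | map('first') | list)
    fail_msg: >-
      {{ ssl_domain }} does not resolve to {{ inventory_hostname }} yet.
      Fix the DNS A record or wait for propagation, then re-run the playbook.

- name: Install Certbot and its Nginx plugin
  ansible.builtin.apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: present
    update_cache: true

- name: Obtain the certificate and enable the HTTP-to-HTTPS redirect
  ansible.builtin.command: >-
    certbot --nginx --non-interactive --agree-tos --redirect
    -m {{ ssl_email }} -d {{ ssl_domain }}
  args:
    # Skipped on later runs once the certificate exists, so re-runs stay idempotent
    creates: "/etc/letsencrypt/live/{{ ssl_domain }}/fullchain.pem"

- name: Confirm that plain HTTP now redirects to HTTPS
  ansible.builtin.uri:
    url: "http://{{ ssl_domain }}/"
    follow_redirects: none
    status_code: [301]
  register: redirect_check
  failed_when: >-
    redirect_check.status != 301 or
    not (redirect_check.location | default('')).startswith('https://')
```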
Inventory Example
[wordpress]
<YOUR_EC2_PUBLIC_IP> ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/your-key.pem
Running the Playbook
Update domain and email inside roles/ssl/tasks/main.yaml.
Run the playbook:
ansible-playbook -i inventory main-playbook.yaml
Once complete, visit:
- http://yourdomain.com
- https://yourdomain.com
Complete the WordPress setup and log in to your admin dashboard.
Troubleshooting Tips
- Nginx default page showing ---> Remove /etc/nginx/sites-enabled/default
- Certbot “No such auth” error ---> Wait for DNS propagation, then re-run playbook
- WordPress database error ---> Check if DB and user are created properly
- SSL not working ---> Ensure firewall and AWS SG allow 80/443
💡 Pro Tips
- Always remove default Nginx config before adding new ones.
- Make sure DNS A record points to your EC2 IP before running Certbot.
- You can re-run the playbook safely: Ansible ensures idempotence.
👤 Author
Alan Varghese
🔗 GitHub
📧 thealanvarghese@gmail.com
Conclusion
By automating the entire deployment with Ansible, you’ve saved hours of manual setup and reduced human error. This approach is scalable, repeatable, and production-ready — ideal for DevOps portfolios or personal hosting environments.