This guide walks through provisioning a Hetzner Cloud server, installing the LEMP stack, deploying WordPress, and enabling HTTPS with Let’s Encrypt. Every command snippet is provided as a bash script block so you can copy and paste with confidence.
1. Hetzner Cloud Setup
- Log in to the Hetzner Cloud console, create a project, and add a new server.
- Recommended baseline: Ubuntu, standard plan (~3 vCPUs, 4 GB RAM, 80 GB SSD), and 20 TB traffic.
- Upload your SSH public key and give the server a recognizable name (for example,
netwits).
2. Log In via SSH
Use your local terminal (or PuTTY/Windows Terminal) to reach the server:
ssh root@your_ip_address
Accept the fingerprint the first time you connect.
3. Connect Your Domain Name
- At your domain registrar (e.g., Google Domains) create two
Arecords:@→ server IPv4www→ server IPv4
- Wait for DNS propagation (dnschecker.org can help confirm).
4. Update System Packages
Keep the OS current before installing services:
apt update
apt upgrade -y5. Install WordPress Files
Download, unpack, and set secure permissions under /var/www:
cd /var/www/
wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
rm latest.tar.gz
chown -R www-data:www-data wordpress
find wordpress/ -type d -exec chmod 755 {} ;
find wordpress/ -type f -exec chmod 644 {} ;6. Configure MariaDB
Secure the database server, then create a database and user for WordPress.
mysql_secure_installationFollow the prompts to set the root password, remove anonymous users, disallow remote root logins, remove the test database, and reload privileges.
mysql -u root -pInside the MariaDB shell, run:
CREATE DATABASE example_database CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'example_password';
GRANT ALL PRIVILEGES ON example_database.* TO 'example_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;7. Configure Nginx
Create a site definition that points to the WordPress directory and proxies PHP requests through PHP-FPM.
cd /etc/nginx/sites-available/
nano wordpress.confPaste the following server block (update PHP socket path and domains as needed):
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
server_name netwits.io www.netwits.io;
root /var/www/wordpress;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass php-handler;
}
location ~ /.ht {
deny all;
}
}Enable the site and reload Nginx:
ln -s /etc/nginx/sites-available/wordpress.conf /etc/nginx/sites-enabled/
nginx -t
systemctl restart nginx8. Complete the WordPress Installer
- Visit
http://your-domainin a browser. - Provide the database credentials created earlier and set your site title plus admin account information.
9. Install Recommended PHP Modules
If WordPress site health flags missing modules, install them in one go:
apt install -y php-curl php-dom php-mbstring php-imagick php-zip php-gd10. Issue and Auto-Renew an SSL Certificate
Use Certbot with the Nginx plugin to obtain a Let’s Encrypt certificate.
apt install -y snapd
snap install core
snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --nginx
systemctl list-timersCertbot guides you through email/ToS prompts and automatically writes HTTPS server blocks. Afterward, confirm the WordPress WordPress Address and Site Address settings both use https://.
You now have a hardened LEMP stack running WordPress on Hetzner Cloud with automatic SSL renewals. Continue monitoring system updates and backups to keep the site healthy.