I was setting up HTTPS/SSL on a new Wordpress site that I'd installed via DigitalOcean's 1-Click App, but it took a while because of some amateur mistakes leading to infinite redirects and other HTTP errors. Here's how I did it, just in case I forget and have to setup another WP site.

1. Point your domain name to your droplet IP.

• On your domain registrar (or Cloudflare if you've already set it up to manage your DNS), add 2 A-records as specified on DO:

A | @ | your.droplet.ip
A | www | your.droplet.ip

2. SSH into droplet and run the setup

• SSH into your droplet (ssh your.droplet.ip) and run the setup this time. Enter your site URL, example.com. When prompted for setting up SSL, allow it.

• If you'd already run the setup without setting up SSL, you can run certbot with certbot --apache -d example.com -d www.example.com

3. Setup cloudflare

• Now login to cloudflare and connect it to your site.
• Set SSL/TLS to Full/Strict.
• Install the Cloudflare Plugin from WP Admin. Open the plugin settings from Plugins > Installed Plugins and enter your API Key.

Done!

Redirecting www to non-www (optional)

1. I opened htaccess with nano /var/wwww/html/.htaccess and pasted this after the auto-generated config from wordpress:

RewriteEngineon
RewriteCond%{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]