Adding HTTPS support using LetsEncrypt
Adding HTTPS support to your website seems to be the thing to do these days. It encrypts the traffic between your site and your visitors and helps keep unwanted eavesdroppers from seeing the data being transmitted. There isn’t a huge benefit to using HTTPS unless you require the visitor to submit information to your servers. However, it can still provide a sense of authority and security.
In order to enable HTTPS you need to have an SSL/TLS certificate. Purchasing one of these certificates used to cost money. However, in 2016, LetsEncrypt was created to provide certificates for free. The catch is that the certificates are only good for 90 days instead of the usual 1+ years. This isn’t a problem though as the renewal process is easily automated using Certbot. Currently, the easiest system configuration to get up and running quickly is Apache running on Ubuntu 16.04 or higher. The steps are outlined below.
Ubuntu 16.04+ and Apache
There are only three things you need to do: install Certbot, generate the certificates, and learn how to renew the certificates. Installing Certbot is easy since it is readily available in apt. You need only run the following command:
sudo apt-get install python-letsencrypt-apache
Once that’s installed, you need to run it in order to generate your certificates. You do that by running:
letsencrypt --apache
After you press enter, a series of screens will appear asking you basic questions about which domains you want to generate certificates for. I had issues when I did a bulk creation. So I ended up doing each site one-by-one. You may have different results.
The final thing you need to do is either create a cron job or manually run the renewal command every 90 days:
letsencrypt renew
That’s all that you should need to do to get going. There is more information on Certbot’s website which was linked above.
Non-Ubuntu or non-Apache
If you have a *nix-based host with root access you can use Certbot to make the process of obtaining and renewing a certificate much easier. If you don’t have a web host and are looking for a one, Linode is an excellent provider. They’re cheap, highly configurable, and very helpful if you have problems.
If you do not have a *nix-based host with root access, things become a little tougher. Your hosting provider will need to retrieve and install the certificate on your behalf. You will need to reach out to them to find out if they can do this for you. If not, it might be time to find another provider.
If you don’t have a *nix-based host at all (i.e. Windows), you will need to use a 3rd party application. A list can be found here.
Please share this article if it helped you and let me know what you think by adding a comment below!
