How to Secure your Website with a Free SSL Certificate from Let's Encrypt


HTTP has massive privacy issues designed into the protocol that allow attackers to eavesdrop on and hijack your content.

The implications of these attacks range from none to very serious, such as theft of your identity or even your money.

In an effort to encrypt the Web, the EFF (Electronic Frontier Foundation) and the certificate authority Let's Encrypt have published free tools that allow website owners to easily implement HTTPS by default.

In this tutorial, we'll be setting up a certificate for Apache running on Linux over SSH.

The setup process is very easy, so I'll include installation steps for the most popular Linux distributions. However, you shouldn't have any problems following these steps on any UNIX-like operating system.

Install Apache Plugin

First, we need to install the Apache plugin.

Find the right commands for your Linux distribution.

Ubuntu:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install python-letsencrypt-apache

Debian Jessie:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install python-certbot-apache -t jessie-backports

Gentoo:

emerge --sync
emerge --update --deep --with-bdeps=y @world
emerge -av app-crypt/certbot-apache

Updating Gentoo takes a lot of time because new packages need to be built from source. If you don't want to update your whole system, skip the first 2 commands.

Fedora:

sudo dnf upgrade
sudo dnf install python-certbot-apache

RHEL/CentOS:

sudo yum update && sudo yum upgrade
sudo yum install python-certbot-apache

Other UNIX-like systems (let's call this method "alternative"):

mkdir ~/certbot
cd ~/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo ./certbot-auto

If you use the alternative method, make sure to run certbot-auto with an absolute path later on.

Find the path:

sudo find / -type f -executable -name certbot-auto

Possible paths could be:

/usr/bin/certbot-auto
/usr/local/bin/certbot-auto

We'll be using /usr/bin/certbot-auto in this tutorial.

Setup Apache Plugin

Depending on your operating system, you will have to use one of 3 commands: letsencrypt, certbot or certbot-auto.

For the purpose of this tutorial, we will use letsencrypt.

Since the parameters are the same for each of the commands, simply change letsencrypt to certbot or /usr/bin/certbot-auto when applicable.

Automatic Setup (Method 1)

The Apache plugin automates all of the tasks of setting up SSL for your websites.

If you'd rather set it up manually, skip this step and move on to method 2 instead.

sudo letsencrypt --apache

Manual Setup (Method 2)

Let's say our web server runs 3 websites for which we want to set up SSL: freedomnode.com, mariodian.com and segwit.freedomnode.com.

We will need to obtain and install certificates for each of them separately.

sudo letsencrypt --apache -d freedomnode.com -d mariodian.com -d segwit.freedomnode.com

Test

After installing certificates for your website using either method, open your browser, go to https://yourdomain.com and click the lock icon next to the URL.

You'll be shown details of the certificate such as its issuing authority (Let's Encrypt) and expiry date.

If you can't load the website or your browser gives you a "can't verify identity" error, you may need to restart your web server.

On most Linux distributions, running the following should do the trick:

sudo service apache2 restart

If the above command doesn't work, try running:

sudo /etc/init.d/apache2 restart

If an error occurs, you may need to change apache2 to httpd in the above commands.

As a last resort, run:

uname -a

and paste the output into the comments section. I'll send you the right commands based on your Linux distribution.

Automatic SSL Renewal

Let's Encrypt issues SSL certificates for 90 days only.

They need to be renewed before the expiry date, otherwise our websites will stop being accessible via https.

Let's test whether our certificates can automatically be renewed first:

sudo letsencrypt renew --dry-run --agree-tos

If you get a "Registering without email!" error, your certificates can still be automatically renewed. Simply ignore the message and move on to the next step.

Open crontab (as root) for editing:

sudo crontab -e

Add the following line:

30 2 * * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt/letsencrypt.log

Save your changes and exit the editor.

The above line tells cron to execute our command every morning at 2:30am. However, it will only renew our certificates when they are about to expire.

Following the EFF's recommendation, you may want to run it twice a day instead. To run it at 6:30am and 6:30pm, replace the schedule fields at the start of the line with:

30 6,18 * * *
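
The browser check from the Test section and the renewal job above can both be verified from the command line. The script below is an added example, not part of the original tutorial: the function names and the 30-day alert threshold are assumptions, and it runs against throwaway self-signed certificates that stand in for the real cert.pem.

```shell
#!/bin/sh
# Added example, not from the tutorial: report a certificate's issuer and
# whether it has entered the renewal window.

# cert_issuer FILE -> prints the issuer distinguished name
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//'
}

# cert_status FILE [MIN_DAYS] -> prints ok | renew-soon | expired | unreadable
# MIN_DAYS defaults to 30 (an assumed alert threshold, adjust as needed).
cert_status() {
    cert=$1
    min_days=${2:-30}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable; return 2
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo expired; return 1
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo renew-soon; return 1
    fi
    echo ok
}

# make_test_cert FILE DAYS -> constructed self-signed sample certificate,
# standing in for the cert.pem under /etc/letsencrypt/live/
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=example.test" >/dev/null 2>&1
}

# Demo on constructed certificates: one fresh (90 days), one near expiry.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/fresh.pem" 90
make_test_cert "$demo_dir/stale.pem" 10
echo "fresh: $(cert_status "$demo_dir/fresh.pem")," \
     "issuer: $(cert_issuer "$demo_dir/fresh.pem")"
echo "stale: $(cert_status "$demo_dir/stale.pem")"
rm -rf "$demo_dir"
```

Run from cron against the live certificate, any result other than "ok" is the signal that the renewal job is not doing its work.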

Certificate Revocation

If you made a mistake setting up a certificate or you no longer want to use it, you may revoke it:

sudo letsencrypt revoke -d freedomnode.com --cert-path /etc/letsencrypt/live/freedomnode.com/cert.pem

Please note that the certificate path and name may differ. Edit it according to your environment.

After the certificate is revoked, your website will no longer be accessible via https.

*****

I hope you find this tutorial useful. Please share it with your friends that haven't secured their websites yet. There's no excuse to leave your users unprotected.

In case you run into any problems, shoot me a comment below and I'll get back to you ASAP.
