Here is a step by step guideline to make your Website a safe 🔒place to surf 🏄🏻♀️. A bit of knowledge of the HTTP protocol, command-line and the System your Website is hosted on, is required. Instead of always navigating to the CertBot's website, I thought better having something with clear step-by-step that I can always consult. 🤷🏽♂️ Like a quick note 📝.
Let's start with CertBot. In few words, gracefully stolen from the about section in their website, CertBot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
-
Make sure you know the Software your website is running:
- (replace YOUR_AWESOME_WEBSITE with your domain)
- Paste this website in your browser: https://aruljohn.com/webserver/YOUR_AWESOME_WEBSITE
- You will get your output including:
- Web Server (Apache, NGINX...)
- Technologies (PHP and so on...)
- You will get your output including:
Note that the information we get back may be misleading though: on Plesk servers for example, BOTH Apache and NGINX can be used to serve a web page. In this scenario, the above test will return NGINX, even though the site is served by Apache first and only distributed by an NGINX proxy.
-
Select your configuration
-
You'll be shown the options of getting a default or wildcard certificate
From now on is CertBot provides handy instructions to install the certificate.
- SSH into the server
- Install CertBot
My website is running CentOS6 under Apache
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
- Run the certificate Installer
sudo /usr/local/bin/certbot-auto --apache
At this point, you'll be driven over the easy CertBot installation. It will detect all the domain and you'll be asked for which you'd like to move to HTTPS (default option = all of them)
- Setup the automatic renewal via cronjob
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
That's all folks! 🎉
If you'd like to confirm that everything is working as planned, visit this website and check the robustness of your new, secure, Website.
Thanks to @Peppe Mannato ❤️ for this new bit of learning.