Free HTTPS within 5 minutes

Does my site need HTTPS?

YES

YOUR SITE NEEDS HTTPS.

“But my site doesn’t have forms or collect information from users.”

Doesn’t matter. HTTPS protects more than just form data! HTTPS keeps the URLs, headers, and contents of all transferred pages confidential.

“There’s nothing sensitive on my site anyway.”

Your site is a liability! Just because your site is hosted safely in your account doesn’t mean it won’t travel through cables and boxes controlled by who knows how many corporate- and state-owned entities. Do you really want someone injecting scripts, images, or ad content onto your page so that it looks like you put them there? Or changing the words on your page? Or using your site to attack other sites? This stuff happens: on airlines (a lot, and again), in China, even ISPs do it (a lot). And HTTPS prevents all of it. It guarantees content integrity and the ability to detect tampering. If we encrypt only secret content, then we automatically paint a target on those transmissions. Keep which of your transmissions contain secrets secret by encrypting everything.

“I can’t afford a certificate.”

They’re free.

“HTTPS is difficult to set up and maintain.”

It just works if you follow this guide.

— HOW TO GET ON HTTPS —

Introduction

Let’s Encrypt is a free, automated, and open Certificate Authority.

Prerequisites

This guide assumes that you have the following:

Step 1 — Nginx Configurations

When you have your server’s IP address or domain, enter it into your browser’s address bar:

http://server_domain_or_IP

Step 2— Installing Certbot

First, add the repository.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Step 3— Setting up Nginx

once again certbot makes our work easier.

sudo nano /etc/nginx/sites-available/default
. . .
server_name example.com www.example.com;
. . .
sudo nginx -t
sudo systemctl reload nginx

Step 4— Allowing HTTPS-443 Through the Firewall

we have already covered this while installing Nginx from the prerequisite section. Just make sure you allowed “Nginx Full” from UFW.

OutputStatus: active

To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)

Step 5— Obtaining an SSL Certificate

sudo certbot — nginx -d example.com -d www.example.com
OutputPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
OutputIMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
expire on 2017-10-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew *all* of your
certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hariom Vashisth

Hariom Vashisth

Full Stack Developer || DevOps Engineer || AWS || GCP || Docker || Kubernetes • Now @airtel • Prev @exzeo @SocialCops @itc • RT's NOT Endorsements • 🇮🇳