Trying to Set Up HTTPS for Free with LetsEncrypt and CertBot

Ok, so I have wanted to set up HTTPS on my personal sites for a long time now, but I haven’t done so. I also hadn’t really explored how to do it yet. I had heard about LetsEncrypt but when I had tried it on my server I ran into some road blocks since it was out of date. Here was what I tried and how I got it working. I tried to do this on a very simple site that just had HTML and CSS.

I created a new Linode, a small one, and set up Ubuntu 17.10.

I installed apache and python.

I followed the let’s encrypt setup here:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache

I needed to actually have the site set up before that last line would work. So I set up a git repository to push some of the html/css to. I created a new directory in /var/www, and then set it up using this script I had from a while ago.

$ python create_repo.py flipsidenews.git /var/www/flipsidenews.com/

I set up the apache configuration here

$ cd /etc/apache2/sites-available/

I copied over my new configuration. One thing to note was that usually I had ended the apache configuration files just with the name of the website. This did not work here on this version of Ubuntu. I needed to have a file that ended in .conf before enabling it.

/etc/apache2/sites-available$ sudo mv flipsidenews.com flipsidenews.com.conf
/etc/apache2/sites-available$ sudo a2ensite flipsidenews.com.conf

Then I reloaded apache

$ systemctl reload apache2

and then I tried the certbot setup again

$ sudo certbot — apache

This worked — I then set it up with both the www and non-www versions of the site. I took a look in the apache sites available directory afterwards and it looks like the certbot program rewrites these files. It does a rewrite on the original file, adding lines I did not write in there:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.flipsidenews.com [OR]
RewriteCond %{SERVER_NAME} =flipsidenews.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

And then adds a new file flipsidenews.com-le-ssl.conf which contains the configuration on port 443.

<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerAdmin EMAIL
ServerName flipsidenews.com
ServerAlias www.flipsidenews.com
DocumentRoot /var/www/flipsidenews.com
<Directory /var/www/flipsidenews.com>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/flipsidenews.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/flipsidenews.com/privkey.pem
</VirtualHost>
</IfModule>

Then I tested out the site and it worked! Had the lock for the HTTPS setup. I needed to adjust some urls to make sure the CSS was served on HTTPS too.

Test it out at httpS://flipsidenews.com.