{"id":8804,"date":"2020-07-27T15:00:12","date_gmt":"2020-07-27T19:00:12","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=8804"},"modified":"2021-12-04T07:21:05","modified_gmt":"2021-12-04T07:21:05","slug":"secure-your-website-lets-encrypt","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/secure-your-website-lets-encrypt\/","title":{"rendered":"How to Secure Your Website with Let’s Encrypt on Ubuntu 20.04"},"content":{"rendered":"\n
In this tutorial, we will be showing you how to secure your website with HTTPS. It used to be that if you needed to serve your website through HTTPS you would need to purchase a valid SSL certificate for your website. Nowadays you can get a valid SSL certificate for your domain at no cost.<\/p>\n\n\n\n
Let’s Encrypt is a certificate authority (CA) providing free SSL\/TLS certificates. Check out their link here<\/a>. This guide will help you to install the Let’s Encrypt client on your Linux<\/a> system and use it to issue an SSL\/TLS certificate for your domain.<\/p>\n\n\n\n The methods here will work for most major Linux distros, but in this tutorial we will be using Ubuntu<\/a>. We will also show you the steps and, where applicable, the differences between Apache<\/a> and Nginx<\/a>.<\/p>\n\n\n\n Before we get started, you need to have some things in place. With that in mind, we’ll assume you already have:<\/p>\n\n\n\n Before you can start using Let\u2019s Encrypt to obtain an SSL certificate, you need to install the latest Certbot software on your server. Because of active development, the Certbot packages provided by Ubuntu tend to be outdated. The Certbot developers maintain an Ubuntu software repository with up-to-date versions, so you will want to use the versions from that repository.<\/p>\n\n\n\n Add the repository using the following command:<\/p>\n\n\n\n Next, install Certbot’s Apache package with apt:<\/p>\n\n\n\n Or, install Certbot’s Nginx package with apt depending on your preferred setup:<\/p>\n\n\n\n Certbot provides convenient plugins to obtain SSL certificates. Depending on your server, you can use either the Apache plugin or the Nginx plugin. These plugins will take care of reconfiguring Apache\/Nginx and reloading the config whenever necessary. 
To use these plugins, use the following commands.<\/p>\n\n\n\n For Apache:<\/p>\n\n\n\n For Nginx:<\/p>\n\n\n\n For this to work, remember that the VirtualHost<\/em> for the domain must already be working.<\/p>\n\n\n\n The above commands run Certbot with the --apache<\/em> or --nginx<\/em> plugins, using -d<\/em> to specify the domain names you’d like the certificate to be valid for.<\/p>\n\n\n\n When you run the commands for the first time, you will be prompted to enter an email address and agree to the terms of service. After you agree to the terms, Certbot will communicate with the Let’s Encrypt servers. It will then run a challenge to verify that you control the domain name you are requesting a certificate for.<\/p>\n\n\n\n Next, Certbot will ask how you would like to configure your HTTPS settings using the following prompt:<\/p>\n\n\n\n Certbot will finish the setup with a message telling you the process was successful and where your certificates are stored. You must take note of the location of the certificates:<\/p>\n\n\n\n You can now try to load your website using https:\/\/<\/em> and notice your browser’s security padlock icon. It should show that the site is properly set up and secured. You can also test your server using the SSL Labs Server Test here<\/a>; it will get an A grade.<\/p>\n\n\n\n Let\u2019s Encrypt SSL\/TLS certificates are only valid for ninety days. This is done to encourage users to automate their certificate renewal process and also to limit how long a stolen certificate remains usable.<\/p>\n\n\n\n Certbot will run a script twice a day to automatically renew any certificate that’s within thirty days of expiration. You can also do a manual check and test the renewal process at any time using the following command:<\/p>\n\n\n\n You should not see any errors, which means all is well. 
Over time, if the automated renewal process ever fails, Let’s Encrypt will send a message to the email address you specified, warning you when your certificate is about to expire. In this case, you may need to update the certificate manually using:<\/p>\n\n\n\n If you get any errors, you may need to address them and run the command again.<\/p>\n\n\n\n We have just shown you how to secure your website for free using the Let’s Encrypt client certbot to install the SSL\/TLS certificate. This guide also ensured you got a certificate issued for your domain for your preferred web server of either Apache or Nginx and even showed you how it gets renewed after 90 days.<\/p>\n","protected":false},"excerpt":{"rendered":" In this tutorial, we will be showing you how to secure your website with HTTPS. It used to be that if you needed to serve your website through HTTPS you…<\/p>\n","protected":false},"author":1,"featured_media":8856,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,23,16],"tags":[58,164,304,313,320,354,424,431,433,526,531,598,619,635,636,638,643],"yoast_head":"\nPrerequisites to Secure Your Website<\/h2>\n\n\n\n
Step 1 \u2014 Install Certbot<\/h2>\n\n\n\n
$ sudo add-apt-repository ppa:certbot\/certbot<\/code><\/pre>\n\n\n\n
$ sudo apt install python3-certbot-apache<\/code><\/pre>\n\n\n\n
$ sudo apt install python3-certbot-nginx<\/code><\/pre>\n\n\n\n
Step 2 \u2014 Obtaining an SSL Certificate<\/h2>\n\n\n\n
$ sudo certbot --apache -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n
$ sudo certbot --nginx -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n-------------------------------------------------------------------------------\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel):\n\nSelect your choice then hit ENTER.<\/code><\/pre>\n\n\n\n
IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n \/etc\/letsencrypt\/live\/your_domain\/fullchain.pem\n Your key file has been saved at:\n \/etc\/letsencrypt\/live\/your_domain\/privkey.pem\n Your cert will expire on 2018-07-23. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot again\n with the "certonly" option. To non-interactively renew *all* of\n your certificates, run "certbot renew"\n - Your account credentials have been saved in your Certbot\n configuration directory at \/etc\/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n\n Donating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\n Donating to EFF: https:\/\/eff.org\/donate-le<\/code><\/pre>\n\n\n\n
Step 3 \u2014 Verify Certbot Auto-Renewal<\/h2>\n\n\n\n
$ sudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n
$ sudo certbot renew<\/code><\/pre>\n\n\n\n
Conclusion<\/h2>\n\n\n\n