[For Starters] Use Let’s Encrypt to get your website a secure connection

A few days ago, one of my friends told me about its importance; you can have a look at his blog here. I thought that I might try it, it’s boring anyway.

So I already got my SSL connection, as you can see: there’s a green padlock in the address bar.

Disclaimer

I will not be responsible for any damage to your database caused by following my tutorial. This tutorial is for Apache; if you are using Nginx, please do not follow this guide.

Type the commands step by step and do it properly, and you shouldn’t have a problem.

Installing Certbot

First, stop the Apache server

killall apache2

If you have SoftEther VPN Server installed on your machine, please stop it from listening on port 443, because this is the SSL connection port.

Install Let’s Encrypt with the following commands

apt install python-letsencrypt-apache
letsencrypt certonly

Choose “Automatically use a temporary web server” and wait until it finishes.

Modify Apache config file and “.htaccess” file

Please create a snapshot first to avoid any problems.

First confirm whether the certs have been created, using the commands

cd /etc/letsencrypt/archive/"example.org"
ls

 

If you can see cert1.pem, chain1.pem, fullchain1.pem and privkey1.pem, the certs have been created successfully.

Then you need to modify Apache configuration file

First, type the commands

a2enmod ssl
service apache2 stop

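Apache then has to listen on port 443. Open /etc/apache2/ports.conf and check for a Listen 443 line. The stock file already carries one inside the ssl_module block, and it becomes active once mod_ssl is enabled, so add Listen 443 only if the file has none: two active Listen lines for the same port stop Apache from starting with an “Address already in use” error. The file will look like this

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80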

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

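Next, edit /etc/apache2/sites-enabled/000-default.conf. It will look like this

# These directives belong in the virtual host that serves port 443.
# Replace example.org with your own domain.
# Renewals add cert2.pem, privkey2.pem and so on; /etc/letsencrypt/live/example.org/
# holds symlinks that always point at the newest set.
SSLEngine on
SSLCertificateFile /etc/letsencrypt/archive/example.org/cert1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/example.org/privkey1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/example.org/chain1.pem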

Save the file and reboot. If you are not allowed to reboot, restart or start the Apache2 service using the commands

sudo service apache2 restart
sudo service apache2 start

You also want to modify the “.htaccess” file to redirect http to https.

Add this to the “.htaccess” file

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ https://www.example.org/$1 [R=301,L]

Renew the cert

The cert will expire in 90 days. Please renew it once it is 60 days old or more, but before it reaches 90 days. To renew, use the command

./certbot renew
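
As an added example (not part of the original post), the script below covers the two checks this tutorial describes, confirming that the certificate files exist and deciding when to renew, and also verifies that privkey1.pem belongs to cert1.pem. The function names are illustrative, and the sample certificate is a self-signed one constructed with openssl, not a real Let’s Encrypt certificate.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Constructed sample: a self-signed stand-in for the files certbot writes.
make_sample() {  # usage: make_sample DIR DAYS_VALID
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.org" \
        -keyout "$1/privkey1.pem" -out "$1/cert1.pem" 2>/dev/null &&
    cp "$1/cert1.pem" "$1/chain1.pem" &&
    cp "$1/cert1.pem" "$1/fullchain1.pem"
}

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate expires within DAYS (default 30), which for a
# 90-day certificate means it is at least 60 days old.
renew_due() {  # usage: renew_due CERT [DAYS]
    [ -r "$1" ] || return 2
    ! openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Prints "ok" or "renew now"; fails if a file is missing or the key is wrong.
check_archive() {  # usage: check_archive /etc/letsencrypt/archive/example.org
    for f in cert1.pem chain1.pem fullchain1.pem privkey1.pem; do
        [ -s "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
    done
    key_matches_cert "$1/cert1.pem" "$1/privkey1.pem" ||
        { echo "privkey1.pem does not match cert1.pem" >&2; return 1; }
    if renew_due "$1/cert1.pem"; then echo "renew now"; else echo "ok"; fi
}

# Demo on constructed data: one fresh certificate, one with 10 days left.
demo=$(mktemp -d)
make_sample "$demo/fresh" 90 && check_archive "$demo/fresh"
make_sample "$demo/old" 10 && check_archive "$demo/old"
rm -rf "$demo"
```

On a real server, call check_archive with the archive directory for your own domain; it needs read access to the private key, so run it as root.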

Optimizing WordPress by using plugins to fix insecure contents



