After watching a talk about encryption from Yan Zhu online (JSConf Budapest 2016 – Encrypt the Web For $0) I decided to try Let’s Encrypt again to enable HTTPS on a website. I used Let’s encrypt before in November 2015. At that time the Let’s Encrypt project was in private beta and required a lot of manual configuration to get things configured. But right now the tools to configure Let’s encrypt seem really really mature.
To enable HTTPS on a website, you need to get a certificate file from a Certificate Authority (CA). Let’s Encrypt is a Certificate Authority.
My server runs Debian Jessie (version 8) and the webserver is Apache (version 2.4). I have access to the server through SSH. When shell access is available, Let’s Encrypt recommend to use the Certbot ACME client. It can automate certificate issuance and installation without downtime.
Configure webserver with Certbot
First add backports to the Debian /etc/apt/sources.list config.
deb http://ftp.debian.org/debian jessie-backports main
Install the Cerbot client.
# apt-get install python-certbot-apache -t jessie-backports
Start the interactive configuration process to enable HTTPS for the selected websites.
# certbot --apache
That’s it already! Now everything should be configured!
Optionally test your new Apache config with the following command
# apachectl configtest
The Certbot packages come with a cron job that will renew certificates automatically before they expire. Let’s Encrypt certificates last for 90 days. To test the certificate renewal
# certbot renew --dry-run
Test host certificate
The free online SSL Server Test from Qualys SSL Labs performs a deep analysis of the configuration of any SSL web server on the public Internet. Go test your new configured website.
- JSConf Budapest, community conference about JavaScrip in Budapest, Hungary
- Yan Zhu’s talk – Encrypt the Web For $0
- Let’s Encrypt. Free, automated and open Certificate Authority
- Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates
- Qualys SSL Labs- SSL Server Test