Turning HTTP into HTTPS for Free with Let’s Encrypt

Introduction

In today’s digital landscape, securing your website with HTTPS is crucial to protect user data and establish trust. Let’s Encrypt is a widely recognized Certificate Authority (CA) that offers free SSL/TLS certificates. In this blog post, we will guide you through the step-by-step process of turning your HTTP website into HTTPS using Let’s Encrypt.

Step 1: Prerequisites

Before starting, ensure that you have:

  • A registered domain name pointing to your web server
  • Shell access to your server
  • Superuser (root) or sudo access

Step 2: Install Certbot

Certbot is a tool provided by Let’s Encrypt to simplify the certificate issuance process. To install Certbot, follow these instructions:

sudo apt update
sudo apt install certbot

Step 3: Obtain and Install the Certificate

With Certbot installed, you can now obtain and install the SSL/TLS certificate:

sudo certbot certonly --webroot --webroot-path /var/www/html -d example.com -d www.example.com

Replace `/var/www/html` with the actual root directory of your website and `example.com` with your domain name. The command will communicate with Let’s Encrypt, verify domain ownership, and generate the SSL/TLS certificate.

Step 4: Configure Your Web Server

Configure your web server to use the newly obtained certificate:

Apache

If you are using Apache, open the configuration file:

sudo nano /etc/apache2/sites-available/000-default.conf

Add the following lines inside the VirtualHost block:

ServerName example.com
ServerAlias www.example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

Save the file and exit. Then, reload Apache to apply the changes:

sudo systemctl reload apache2

Nginx

If you are using Nginx, open the configuration file:

sudo nano /etc/nginx/sites-available/default

Add the following lines inside the `server` block:

server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Save the file and exit. Then, reload Nginx to apply the changes:

sudo systemctl reload nginx

Step 5: Enable Automatic Certificate Renewal

Let’s Encrypt certificates are valid for 90 days. To ensure uninterrupted HTTPS access, set up automatic renewal:

sudo crontab -e

Add the following line to the crontab file to run the renewal command twice a day:

0 0,12 * * * /usr/bin/certbot renew --quiet

Save the file and exit.

Conclusion

Congratulations! You have successfully turned your HTTP website into HTTPS using Let’s Encrypt. By encrypting the data transmitted between your server and visitors, you enhance security and user trust. Remember to regularly renew your certificate and maintain the configuration to keep your website secure. Enjoy the benefits of a secure and encrypted connection!

Posted

in

by

Murat Bekgi

Tags:

, , , , , , , , , , , , , , , , ,

Comments

Leave a Reply

Discover more from Murat Bekgi's blog

Subscribe now to keep reading and get access to the full archive.

Continue reading