I have recently moved my blog to https using free Let’s Encrypt (Linux Foundation Project) certificate.

Let’s Encrypt service works the best, when you have your own server. You just need to configure some scripts that will regularly request new certificates and everything will work automatically. But, even if your site is on shared hosting, it’s still possible to use Let’s Encrypt. You can make the certificate on your machine, I used Ubuntu Linux, and then add them in the web interface of your hoster, of course if this feature is supported. Certificate will be valid for 4 month, and then you will need make a new one.

To say the truth, I did it because search engines and browser vendors will discriminate http-only sites very soon. And, of course, for fun. Green lock icon in address bar looks cool. ^_^

Installation

First of all, you will need to download and run certbot installation script:

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto

Now launch certbot

cd ~/.local/share/letsencrypt/bin/
sudo ./certbot certonly --manual

Input the data:

• Email for contact
• Agree with Terms of Service
• Domain name(s)
• Agree that your IP will be logged.

Approve that you control the domain name. I think this way is the best for the shared hosting. You just need to create a new file on your website:

Make sure your web server displays the following content at
https://avleonov.com/.well-known/acme-challenge/kOMy3BD_bx6_q2ii1SLjgdn00Z74PDW43mRZxrOmX40 before continuing:

kOMy3BD_bx6_q2ii1SLjgdn00Z74PDW43mRZxrOmX40.G1K1JWvR23OjJgtT7zA8R1XA-hPTlT35TREKxOE08_g

Now you can get your certificate:

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/avleonov.com/fullchain.pem. Your cert will
expire on 2017-03-30. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run “certbot
renew”
– If you lose your account credentials, you can recover through
e-mails sent to me@avleonov.com.
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

Here they are:

sudo cp /etc/letsencrypt/live/avleonov.com/fullchain.pem ~/Desktop/fullchain.pem
sudo cp /etc/letsencrypt/live/avleonov.com/privkey.pem ~/Desktop/privkey.pem

Upload them in the web interface of your hosting provider.

What’s next?

If you use wordpress, I can recommend “Really Simple SSL” plugin to configure everything related to SSL automatically.

You can also make redirection from http to https in .htaccess file in the root of your site:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Alexander Leonov

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.