In the past, the mere mention of the need for an HTTPS certificate on a website was met with groans and sighs from product owners and developers alike. Not only did HTTPS Certificates cost money (most still do), there was also a fear that upgrading to HTTPS would negatively impact any SEO ranking that your site had accrued over time. Luckily, recent comments from Google have finally put this incorrect belief to rest. In fact, in order to advocate for a more safe and secure web, Google has said that they will start penalizing insecure websites in search results.
I know what you’re thinking, “Great, Google is now forcing me to pay money out of my own pocket to stay in their good graces.” If this was a few years ago, I would agree with you. However, with recent advancements in technology, and some great work by an organization called Let’s Encrypt, it is now possible to get HTTPS on your website for free.
My job today is to show you how easy the process can be, by installing a certificate on a live website, and documenting it here for you. We will be upgrading the History Design Studio’s (an affiliate of Harvard University) website from HTTP to HTTPS. When the article is done, we will bask in all of the free HTTPS glory, by visiting the live working site. P.S. This installation will be done on Apache 2, so please keep that in mind.
Let’s begin by installing the SSL certificate on the website's server. In order to access the server, I am going to log in via SSH, and configure everything via the command line.
Opening my SSH client, I use the credentials to log in successfully, and access the command line. Before we do anything, let's execute a command to make sure we are up to date with our Linux software by typing:
sudo apt-get update
Press y to accept any packages it is asking to install.
Once that is all set, the first step to getting our Let’s Encrypt SSL Certificate installed is to add the official Certbot repository to our Linux installation. Certbot is client software that allows our server to fetch an HTTPS certificate from Let’s Encrypt. Let’s execute the following command to do this:
sudo add-apt-repository ppa:certbot/certbot
(You should be prompted with the following if the command is successful.)
If the command was executed successfully, go ahead and execute the following command:
sudo apt-get install python-certbot-apache
(You can skip this section if the above commands worked for you.)
If it gives you a “command not recognized error”, try the following command:
sudo apt-get install software-properties-common python-software-properties
You might be prompted to install some new packages when running this, just press Y to accept. If this all works out, you should see something like the following screenshot.
If all goes well, you can try to add the repository again with the previously mentioned command:
sudo add-apt-repository ppa:certbot/certbot
If that works, then you can run the following command:
sudo apt-get install python-certbot-apache
Great, we now have Certbot installed! Let’s get ourselves an SSL certificate. Typing the following command will initiate the SSL certificate process. Obviously, insert your own domain instead of the one used here:
sudo certbot --apache -d historydesignstudio.com
(If successful you’ll be prompted with this)
The wizard will also ask you for an e-mail address, and show something like the following, which asks whether you would like Certbot to automatically configure Apache to redirect all HTTP requests to HTTPS for you. I clearly pressed the wrong button, and said no.
If you do somehow make a mistake like me, it's as easy as doing it yourself in the virtual hosts file with something like this:
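A redirect of that kind, written out as an added example (this is not the author's original configuration). It assumes the site's port-80 virtual host is the one being edited and that Certbot has already set up the HTTPS virtual host; the commented-out DocumentRoot path is a placeholder.

```apache
# Added example: port-80 virtual host for the tutorial's domain.
# The file this lives in and any paths on your server will differ.
<VirtualHost *:80>
    ServerName historydesignstudio.com

    # Before: this vhost served the site itself over plain HTTP, e.g.
    #   DocumentRoot /var/www/html        (placeholder path, an assumption)
    # After: it serves no content and only sends clients to the HTTPS vhost.

    # Option 1 (mod_alias): permanent (301) redirect. The requested path is
    # appended to the target, so /about goes to https://.../about.
    Redirect permanent / https://historydesignstudio.com/

    # Option 2 (mod_rewrite): the style of rule Certbot writes when you answer
    # "yes" to its redirect question. Use one option, not both.
    # RewriteEngine on
    # RewriteCond %{SERVER_NAME} =historydesignstudio.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

After editing, `sudo apachectl configtest` checks the syntax and `sudo systemctl reload apache2` applies the change. A request such as `curl -I http://historydesignstudio.com/` should then return a 301 with an `https://` Location header.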
That’s it! We can now test that our new Let’s Encrypt HTTPS Certificate is working by going to the live site, and using a third-party service.
You should be aware that if you do not opt for automatic renewal, your SSL Certificate will expire after 90 days, and your site will go down. Your best bet is to set up a cron job to do the auto renewal for you. Set it and forget it, instead of having to manually log in to your server to execute the command to update it every 3 months!
Via command line just type:
sudo crontab -e
All you need to do is paste a one line command into the editor. Something like this:
45 8 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
Which is cronjob speak for, “Check to see if I need to renew my SSL certificate at 8:45 AM every Monday”. If you are using this tutorial online, please do not use the generic time I put in here, use one of your own choosing. There are plenty of resources online that explain how cronjob time formats work.