SSL is essential for protecting your website, even if it doesn’t handle sensitive information like credit cards. It provides privacy, critical security and data integrity for both your websites and your users’ personal information. Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust your website more when they see these cues and will be more likely to buy from you.
Getting SSL certificates often cost you money. If you are looking for a free provider to issue unlimited SSL certificates, here is one solution - Let’s Encrypt
Installing Let’s Encrypt on Apache
I assume you have already installed apache web server and using ubuntu.
Modify the virtualhosts from apache config file
Find the default configuration file for your installed Apache server and modify it.
$ sudo vim /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80> . . </Virtualhost>
modify it to your desired website address eg:
ServerName example.com ServierAlias www.example.com
Install Certbot and python libraries
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
Install certificate using certbot command
$ sudo certbot --apache
it will show the list of available domains you have added to VirtualHost. Hit enter without selecting any number to select all domains.
Press Y or N for other questions.
During installation if you are prompted with message like:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access
Select option 2 to redirect all requests to HTTPS.
Enable Auto renewal
Let’s Encrypt certificates are issued with a validity of 90 days. We need to manually renew it before its expiry. We can make use of cron to schedule this task and automatically renew our certificate.
We can test automatic renewal for our certificates by running this command:
$ sudo certbot renew --dry-run
To create Cron job to automate renewal, open the cron file by issuing the following command:
$ crontab -e
Enter the following line at the end of the file opened.
47 05,17 * * * certbot renew --quiet --post-hook "sudo service apache2 reload"
Thats all, you are done with installing SSL certificate on your website.
Upgrade all insecure requests to https
This is an additional precaution to make sure your web server is serving https only. Install the header module for apache as follows
$ sudo a2enmod headers
Add the following to apache configuration
<ifModule mod_headers.c> Header always set Content-Security-Policy "upgrade-insecure-requests;" </IfModule>
Restart Apache server
$ sudo service apache2 restart