Https for everything2016-11-18
HTTPS is highly recommended for every web site, as a web developer I am building both my personal and company app under https. Applying for the certificates could be a block for you to migrate/build your site to https as you need to pay for it and it could take quite a while. Thanks to letsencrypt now we can have free open certificate authorify for our sites.
I will list the least steps to build a site by using certbot
wget https://dl.eff.org/certbot-auto chmod a+x ./certbot-auto
After that, you can run
./certbot-auto --help to check if it’s installed successfully.
Use certbot to generate certificates
./certbot-auto certonly --standalone -d www.yourdomain.com -d sub.yourdomain.com
sub.yourdomain.com is online at
80 port as this command will
check the validation. You can ignore
--standalone at the moment, it’s just a plugin
for certbot to generated software independent certificates. After running the command, there will be 4 files generated
/etc/letsencrypt. They are
Usually the web server only needs to point to the previous two for enableing https.
I will go through you how to point to certificates ad different server (nginx, apache) has different way.
You can google for it by yourself
Renew the certificates
The certificates are only valid for 90 days, luckily the renew is easy.
That’s it. If certbot check the certificates are due for renewal, it will renew them.
I also create a daily cron task to renew it automatically.
0 0 * * * ~/certbot-auto renew