How to secure your website with SSL for free
Problem: Nowadays, in case you haven’t noticed or read the news, the world’s most popular browser - Google Chrome - alerts you if a page is not secure and is asking for your information. In order to resolve this you need to install a TLS/SSL certificate on your website server.
Solution: There’s actually a free solution called “Let’s Encrypt.”
Let’s Encrypt is, to use their own description, a “free, automated, and open certificate authority” that allows you to move from the insecure “http” communications between server and client to the “https” secure standard. The goal of Let’s Encrypt is to move the whole Internet from more insecure protocols for better privacy and security.
There are plenty of tutorials out there on Let’s Encrypt, and Let’s Encrypt has very good documentation itself. Since we were using Digital Ocean, we used their tutorial for Ubuntu 16.04 here.
The process is remarkably simple. You’ll need to install the Let’s Encrypt client (generally Certbot, though for the Ubuntu 16.04 repositories it’s called “letsencrypt”).
sudo apt-get update
sudo apt-get install python-letsencrypt-apache
Generating the certificate simply requires one line:
sudo letsencrypt --apache -d mywebsite.com
(replace mywebsite.com with your website)
Let’s Encrypt can also provide a single certificate for multiple domains. If you wanted to do that, you’d simply append the next domain to the previous line with “-d www.mywebsite.com” (note the “www”: make sure that the first domain you give is the top-level domain name, the following ones can be aliases and subdomains).
You’ll walk through a short configuration process, and then can confirm your certificate validity. That’s it!
Oh, there’s one more thing: auto renewal. In order to keep that certificate good, you’ll want to setup auto renewal, likely with a cron job. Edit the root crontab:
sudo crontab -e
and include the following line at the end of the file:
15 1 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
You now have a new cron job that will renew the certificate every Monday at 1:15am.
And that’s it. You now have encryption the easy way with Let’s Encrypt!
If all of that is too complicated or you just want someobody to take care of it for you, depending on your situation it may only take us an hour or $75 to do it for you.