Having an SSL-ready website is increasingly important. Google ranks an HTTPS address higher than an HTTP address, and this is set to continue until HTTP is consigned to history.
Here's how to quickly generate SSL certificates and implement them on your web site in mere minutes, and for free.
Free and Easy SSL With Let's Encrypt
Setting up SSL on your website has never been easier thanks to Let's Encrypt, a popular and free SSL certificate authority.
Founded in April 2016, Let's Encrypt has become a popular name within the online development world thanks to its certbot script and the fact that it's a free service.
Install certbot
This article assumes you already have a Linux web server and domain name you wish to add SSL to. Connect to your server via SSH, and check to see whether or not certbot is already installed with the command:
sudo certbot --version
If the version number is displayed, then certbot is already installed and you can move on to the next section. Otherwise, you may install certbot with the following command:
sudo apt-get -y install certbot
Generate SSL Certificate
To ensure this article works for all servers, first temporarily shut down your existing HTTP server with whichever of the following commands applies to you:
sudo service nginx stop
sudo service apache2 stop
Please note that the domain name you wish to generate an SSL certificate for must already be pointing to the IP address of your web server. Assuming so, generate a new SSL certificate with the command:
sudo certbot certonly
You will be prompted to choose a method to verify your domain name. Press 1 to spin up a temporary server instance, and the next prompt will ask for your domain name. Upon entering your domain, certbot will check that the domain name resolves to your server, which shows you control the domain, and then generate your new SSL certificate.
Configure Nginx
If you're using Nginx as your HTTP server, first determine where your website's configuration file is. This will almost always be within one of the following directories:
- /etc/nginx/sites-enabled
- /etc/nginx/conf.d
Once you know the location of your site's configuration file, open it in a text editor such as nano with the command:
sudo nano /etc/nginx/sites-enabled/default.conf
At the very top of the file, add the following lines:
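server {
    listen 80;
    # Name the hosts explicitly so $server_name is not empty in the redirect
    server_name domain.com www.domain.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}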
This will automatically redirect all non-SSL requests to your site to their SSL counterpart. Just below the lines you added, you will see the beginning of your site's existing configuration:
server {
listen 80;
server_name domain.com www.domain.com;
Modify this by changing listen 80; to listen 443 ssl; and then add the following lines underneath:
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
Make sure to replace domain.com in the above lines with your domain name. Save and close the file by pressing Ctrl+X followed by the prompt, then start Nginx again with the command:
sudo service nginx start
Visit your web site, and it should now load over SSL without any browser warning regarding an insecure site.
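To check an edited Nginx file against the layout described in this section (port 80 redirecting to HTTPS, listen 443 ssl, and the fullchain.pem and privkey.pem paths), the following script can be run over the file's text. It is an added example, not code from the original article: the names server_blocks, on_port and audit and the sample config are constructed for illustration, and the parser assumes no braces or semicolons inside quoted strings or regular expressions.

```python
import re

# Constructed sample: the HTTPS block lacks the ssl flag and points at cert.pem.
SAMPLE = """
server {
    listen 80;
    server_name domain.com www.domain.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    listen 443;
    server_name domain.com www.domain.com;
    ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    location / { try_files $uri $uri/ =404; }
}
"""
WANT = {"ssl_certificate": "fullchain.pem", "ssl_certificate_key": "privkey.pem"}

def server_blocks(conf):
    """Yield {directive: [argument strings]} for every server block in conf."""
    conf, n = re.sub(r"#[^\n]*", "", conf), 1  # strip comments
    while n:  # peel off innermost non-server blocks (location, if, upstream)
        conf, n = re.subn(r"(?:^|(?<=[;{}]))(?!\s*server\s*\{)[^;{}]*\{[^{}]*\}", "", conf)
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        block = {}
        for name, args in re.findall(r"([^\s;]+)\s*([^;]*);", body):
            block.setdefault(name, []).append(args.strip())
        yield block

def on_port(block, port):
    return [d for d in block.get("listen", []) if re.search(rf"(^|:){port}\b", d)]

def audit(conf):
    """Yield one finding per deviation from the layout described in the article."""
    for b in server_blocks(conf):
        label = (" ".join(b.get("server_name", [])).split() + ["(unnamed)"])[0]
        if on_port(b, 80) and "https://" not in " ".join(b.get("rewrite", []) + b.get("return", [])):
            yield f"{label}: port 80 block does not redirect to https"
        tls = on_port(b, 443)
        if any("ssl" not in d.split() for d in tls):
            yield f"{label}: listen 443 is missing the ssl flag"
        for directive, want in WANT.items():
            path = (b.get(directive) or [""])[0]
            if tls and not re.fullmatch(r"/etc/letsencrypt/live/[^/]+/" + re.escape(want), path):
                yield f"{label}: {directive} should be live/<domain>/{want}"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The cert.pem finding matters because certbot's cert.pem holds only your site's own certificate, while fullchain.pem also includes the intermediate certificate that clients need to build the chain. Running sudo nginx -t checks the file's syntax only, so the two checks complement each other.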
Configure Apache
If you are using Apache as your HTTP server, first locate your web site's configuration file, which will most likely be within the /etc/apache2/sites-enabled directory. If you are unsure of the location, run the command:
apachectl -S
This will display all virtual hosts configured on Apache with their respective locations. Once you have located the configuration file, open it in a text editor with the command:
sudo nano /etc/apache2/sites-enabled/default.conf
At the top of this file, enter the lines:
<VirtualHost *:80>
ServerName yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>
Within the existing <VirtualHost *:80> directive, change the port from 80 to 443. Inside this directive, add the lines:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Make sure to replace domain.com in the above lines with your actual domain. Save and close the file by pressing Ctrl+X followed by the prompt, then start Apache again with the command:
sudo service apache2 start
Visit your web site, and it should now load over SSL without any browser warning regarding an insecure site.
Renew SSL Certificates
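If and when you need to renew the SSL certificates for your web site, this can easily be done with the following command. Note that certbot renews using the same temporary-server method chosen above, which needs port 80 to be free, so stop your HTTP server first and start it again afterwards:
sudo certbot renew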
Site Secured!
Congratulations, now every visitor to your web site will be forced to its SSL version, which is now protected by a newly generated SSL certificate signed by a trusted authority, meaning your visitors will not receive any security warnings.
In this article you have learned what certbot is, how to generate new SSL certificates, how to configure either Nginx or Apache with SSL, and how to renew your certificates at a later date.
Image Credit: Robert Avgustin/Shutterstock