Samstag, 23. Juli 2016

Installing free of charge SSL certificate from Letsencrypt.org in Apache 2 webserver on Ubuntu 14.04

SSL certificates are cost-free nowadays. Letsencrypt.org is providing a service which lets you get SSL certificates that are free and work in the common web browsers. The following commands must be executed on the same machine on which your webserver is running. Because letsencrypt.org must be allowed to access it. Download the certbot from letsencrypt.org and make the binary executable:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Now temporary stop your Apache server, to download the certificates.
sudo service apache2 stop
Now run the certbot program to download the certificates:
./certbot-auto certonly
This program leads you trough a short form process within your terminal. Asking you for the domain you want to secure.

Mind the SSL certificate renewal

The SSL certificate is valid for 3 months. You will get notified about this via the terminal output from the certbot. It looks like this, if you have executed the "./certbot-auto certonly" command at 23.07.2016:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/my-domain.com/fullchain.pem. Your cert will
   expire on 2016-10-21. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
There's an automatic way to accomplish the renewal: https://community.letsencrypt.org/t/how-to-automatically-renew-certificates/4393. Otherwise just make you a calendar entry and run the command from above again.

Enable the SSL certificate on your web server

Enable SSL in your Apache setup:
sudo a2enmod ssl
Now as you have the certificates, you can integrate them in your Apache 2 VHost configuration at /etc/apache2/sites-available/. Change "example.com" to your domain name.
   SSLEngine on
   SSLCertificateFile    /etc/letsencrypt/live/example.com/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem 
Switch the virtual host port from 80 to 443. For this set the following in your Vhost configuration file:
to

Small tweak for SEO

Search engines expect that a web page can be accessed by only one address on your website. To redirect all requests from http to https and ensure that only http://your-domain.com will be requested and not http://your-domain.com "and" http://www.your-domain.com, you can setup the redirect within your VHost file. Add this to the top of the configuration file for your virtual host:
Now restart Apache and happy SSL usage:
sudo service apache2 restart
Eingestellt von um

Keine Kommentare:

Kommentar veröffentlichen

Abonnieren Kommentare zum Post (Atom)