Are you hosting a Web site that manages customer data? Is any sensitive information captured on your Web site? If yes, you must protect your Web site and the trust of your customers by enabling secured, encrypted communication. The first step towards enabling HTTPS is to install a valid certificate from a Certification Authority (CA). Configuring a secure channel has been a tedious process, and the recurring fee also makes people think about the cost of the overall process. But that's not a problem anymore: if you wish to enable basic security, LetsEncrypt is here. I came across LetsEncrypt a few days back and found it the easiest and most hassle-free approach to enable encryption for a website. With a few steps, I had a website with HTTPS mode ON. Throughout the process of configuring and hosting a sample website, I made use of Vultr, Dot.tk and, of course, LetsEncrypt. You can follow this entire process without spending a penny. Let's start.
To begin with the process, we need the following things:
- Virtual Private Server or System with SSH access along with Public IP
- Domain name
- Simple website with Welcome page
Virtual Private Server
Before you begin configuring the LetsEncrypt certificate, make sure that you have SSH access to the system. In case you don’t have SSH access, LetsEncrypt is also available on most hosting provider platforms. Check the detailed documentation about Getting started here.
Unfortunately, I didn’t have any infrastructure that provided me SSH access, and hence, while searching for an option, I came across Vultr. With so many host operating systems to choose from and the option to configure hardware with ease, it was definitely a turning point for me. Vultr provides an intuitive interface to configure a system as per the requirements, and you can start the system within a few minutes. On top of that, Vultr also provides free credit to begin with (there are also additional options to get more free credit). I immediately signed up with them and could boot up my first installation within a few minutes. Here are the details of the option that I chose:
Disk Space: 15 GB SSD
OS: CentOS 7 (64-bit)
The configuration is sufficient to host a simple static Website, all for just under $5/mo or $0.007/h. But with free credit, I didn’t pay anything for this server. Note the IP address of the server, as we will require it at a later stage.
To get a valid certificate from LetsEncrypt, you must own the domain, and hence it's a good idea to get one registered under your name. If you are just trying things out, you can get a free domain at Dot.tk. Think of a domain name that does not exist yet, and with a few clicks you should be able to get a free domain. Note that while registering the domain, you will be prompted for DNS. Vultr comes with free DNS that you can configure and use for your Web site. I used the following DNS, but it is better to check the Admin Panel for updated DNS
Additionally, you will have to enter the IP address of the server created in the prior step (VPS).
Let's begin with the Webserver setup, so that we can build a simple website. Find detailed instructions here about installing Apache server on CentOS. Just follow the install Apache section and the system should be ready with a webserver.
The next step is to configure a Virtual Host for our website. Pay careful attention to the Virtual Host setup step in the same article and make sure you enter the appropriate values for ServerName and ServerAlias.
Once the Webserver setup is complete, just open your domain with an http link and you should be able to browse the website. Note that DNS resolution of the website address may take some time. At this stage, you should have a website with no SSL setup.
Setup Default SSL
It is now time to install a default certificate for our website. The steps to generate one are pretty simple with OpenSSL. You can ignore the setting up Virtual host section of this article and follow the other steps.
Finally, we have reached the stage where we can begin with LetsEncrypt certificate generation. As described in the Getting Started guide, you need to install an ACME client. I prefer using the Certbot client and followed the link to configure Apache server on CentOS.
You can also check the quality of the generated certificate at ssllabs.com. Here is the result of my demo certificate.
If you are seeing a warning about the POODLE vulnerability, refer to the steps outlined here for Apache Server.
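POODLE is an attack on SSLv3, so the usual Apache-side fix is to stop offering SSLv3 in every `SSLProtocol` directive. The script below is an added example, not part of the original post or the guide it links to: it scans Apache configuration text and reports each `SSLProtocol` line that still leaves SSLv3 enabled. The sample configuration, the `example.com` names and the simplified directive model are assumptions of this example.

```python
import re

# Simplified model of mod_ssl's SSLProtocol syntax (an assumption of this
# example): "all" is treated as including SSLv3, "+X" adds, "-X" removes,
# and a bare name replaces whatever was set before it.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def enabled_protocols(args):
    """Return the protocol set left enabled by one SSLProtocol argument list."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        group = set(ALL) if name == "all" else {name}
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

def find_sslv3(config_text):
    """Return (line_number, directive) for each SSLProtocol line keeping SSLv3."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines start with '#'
        if match and "sslv3" in enabled_protocols(match.group(1)):
            findings.append((number, line.strip()))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # SSLProtocol all -SSLv3
    SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for number, directive in find_sslv3(SAMPLE):
        print(f"line {number}: SSLv3 still enabled by '{directive}'")
```

After changing a flagged directive, reload Apache and re-run the ssllabs.com test to confirm the warning is gone.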
That is all that is required to install a LetsEncrypt certificate, and you should now have a certificate valid for 90 days for your Website. With certbot, the renewal of the certificate will happen automatically.