Introduction

If you already have a website hosted on your server, do you think you have the required encryption for your traffic? A Secure Sockets Layer (SSL) certificate can prevent Man in the Middle (MITM) and identity forgery attacks against your website users. This article is a good starter if you are looking to host a website.

If you have a limited budget and resources, you can always get SSL for free with Let’s Encrypt. Let’s Encrypt is a non-profit certificate authority run by the Internet Security Research Group. It makes it easy to create, validate, sign, install, and renew certificates for secure websites. The process can be easily automated with tools like certbot.

In spite of all these features, Let’s Encrypt does have some nuisances. You can only create a basic certificate with Let’s Encrypt, i.e. you cannot generate wildcard certificates. Similarly, a certificate is valid for 90 days only. To deal with the short validity period, we can automate the renewal process with cron jobs, which we will discuss later.

Before moving on to the how-to, make sure you have Apache installed and configured for a site with the domain name larasite.dev.

How To

First, we will update the apt cache on the Ubuntu server.

sudo apt-get update

Now, let’s switch to the /opt directory and clone the certbot repository there.

cd /opt/
sudo git clone https://github.com/letsencrypt/letsencrypt certbot

By now, you should have a copy of the certbot repository in your /opt/ directory. Change into the certbot directory and run certbot-auto with the Apache plugin:

cd certbot/
sudo ./certbot-auto --apache -d larasite.dev

Next, you will be prompted for an email address, which is used for timely notifications about certificate renewal. You then have to accept the terms and agreements. You will also be asked whether you want to receive emails with updates related to the Electronic Frontier Foundation; you can accept or decline.

The SSL certificate, chain file and key file are now placed in the /etc/letsencrypt/live directory. You can configure an Apache virtual host to use these certificates like any other regular SSL certificates. The virtual host configuration should now look like this.

# Redirect all plain-HTTP requests to the HTTPS site
<VirtualHost *:80>
        ServerName larasite.dev
        Redirect 301 / https://larasite.dev/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@larasite.dev
        ServerName larasite.dev
        DocumentRoot /var/www/larasite.dev/public
        <Directory /var/www/larasite.dev/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Certificate chain and private key issued by Let's Encrypt
        SSLCertificateFile /etc/letsencrypt/live/larasite.dev/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/larasite.dev/privkey.pem
        # SSL options file placed by certbot's Apache plugin
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

As mentioned earlier, this certificate is only valid for 90 days and needs to be renewed at some point within those 90 days. To renew the certificate, you can use the following command in your terminal or command shell.

cd /opt/certbot/
sudo ./certbot-auto certonly --apache --renew-by-default -d larasite.dev
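
The introduction mentions automating renewal with cron. One way to do that, as an added example that is not part of the original article: a wrapper that checks the installed certificate's expiry with openssl and runs the renewal command above only when fewer than 30 days remain, exiting non-zero if the certificate is still near expiry afterwards. The script path /opt/renew-larasite.sh, the log path, the 30-day threshold and the cron schedule are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: renew only when expiry is near.
# Assumed names: this script's path, the log path, the threshold, the schedule.
# Cron entry (root's crontab), weekly on Monday at 02:30:
#   30 2 * * 1 /opt/renew-larasite.sh --cron >> /var/log/le-renew.log 2>&1

DOMAIN=larasite.dev
CERT=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
CERTBOT_DIR=/opt/certbot
THRESHOLD_DAYS=30

# Exit status 0 when the certificate in $1 expires within $2 days, or when it
# is missing or cannot be parsed (both need a fresh certificate); 1 otherwise.
needs_renewal() {
    pem=$1
    days=$2
    [ -r "$pem" ] || return 0
    # -checkend N succeeds only if the cert is still valid N seconds from now.
    if openssl x509 -checkend "$((days * 86400))" -noout -in "$pem" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

renew_if_due() {
    if ! needs_renewal "$CERT" "$THRESHOLD_DAYS"; then
        echo "$(date -u +%FT%TZ) $DOMAIN: more than $THRESHOLD_DAYS days left, nothing to do"
        return 0
    fi
    echo "$(date -u +%FT%TZ) $DOMAIN: renewing"
    (cd "$CERTBOT_DIR" && ./certbot-auto certonly --apache --renew-by-default -d "$DOMAIN") || return 1
    # Fail loudly if the file on disk is still close to expiry after the run.
    if needs_renewal "$CERT" "$THRESHOLD_DAYS"; then
        echo "$(date -u +%FT%TZ) $DOMAIN: renewal ran but certificate is still expiring" >&2
        return 1
    fi
}

# Do nothing unless explicitly asked, so sourcing or testing has no side effects.
if [ "${1:-}" = "--cron" ]; then
    renew_if_due
fi
```

Because the script exits non-zero when renewal fails, cron's own mail or any log monitoring on the assumed log file will surface a stuck renewal before the certificate actually expires.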

Conclusion

Finally, you can now enjoy encrypted traffic to your website, making it less prone to MITM attacks while preventing identity forgery attacks. You should be able to see the https:// text along with a lock icon in the address bar of your browser.