Lets Encrypt

Written by James McDonald

November 16, 2016

Was doing some work for an Interior Designer based in Newcastle NSW who is using Squarespace as a hosting platform. Squarespace has partnered with Let’s Encrypt to provide SSL https connections for every one of their websites.

I also have a friend who runs a Building Company in Maitland NSW on Squarespace and I configured his to automatically redirect to https too. The reason is that google says “we’re starting to use HTTPS as a ranking signal” they go on to say that this doesn’t replace the need for quality content but every fraction of percent helps when trying to boost your page rank.

Which prompted me to head over to https://letsencrypt.org/ to check it out and I found FREE SSL

So after a really quick speed date with https://certbot.eff.org/ I have SSL’d this blog

Install certbot from the instructions which can be found on the front page of https://certbot.eff.org/ (Just select your web server software and the related OS to get the relevant instructions)

I use nginx so I just run ./certbot-auto certonly

Enter the domain name and any aliases you want to SSL protect e.g. jamesmcdonald.id.au www.jamesmcdonald.id.au. Then choose the webroot plugin, enter the webroot which is the path that your websites files are published to via http e.g. /var/www/jamesmcdonald.id.au/. Once the certificate has been created it will make a set of pem encoded SSL certs in /etc/letsencrypt/live/<example.com>/

Then you update your nginx configuration to redirect from http to https and you have a browser trusted SSL cert for zero $$$.

server {
        # redirect http to ssl host
        listen 80;
        server_name www.jamesmcdonald.id.au jamesmcdonald.id.au;
        return 301 https://jamesmcdonald.id.au$request_uri;
}   

server {
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/jamesmcdonald.id.au/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/jamesmcdonald.id.au/privkey.pem;

        #... rest of your nginx config 
}

Finally you need to go into any blog software and change any URLs to either start with https://jamesmcdonald.id.au/path/to/image.png or use the more portable //jamesmcdonald.id.au/path/to/image.png

In google chrome you will see whether or not the page is correct by seeing the padlock icon

screen-shot-2016-11-16-at-9-55-56-pm

 

If you see another icon as follows you know you have some resources being pulled in via the http:// scheme and you will need to go into each affected page and change http:// to either http:// or just put it in as //

screen-shot-2016-11-16-at-9-57-49-pm

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

You May Also Like…

How to Research a CPU Upgrade

How to Research a CPU Upgrade

Upgrade Time! Doing a lot of VMWare Workstation virtualization to create labs for self-study and training. Finding...