Securing Web Servers with LetsEncrypt


  • Kshitij Mittal
  • July 09 2019

Introduction

SSL on web applications is the norm now. Not using SSL on your domains has obvious drawbacks, such as exposure to man-in-the-middle and phishing attacks. But there are other important reasons to move your domain to HTTPS, even if you do not care about the security risks. First, browsers do not trust non-SSL domains and indicate to the user in one way or another that the website may not be safe, which hurts the brand value of your products. Second, it affects your organic traffic, since Google treats SSL as one of the prominent ranking factors. So from an SEO point of view as well, it is important to use SSL on your website or application.

What exactly is an SSL certificate?

It is basically a mechanism to digitally authenticate a website. The certificate lets the browser verify that it is talking to the genuine server and is used to set up encrypted traffic between the user's browser and the web server. This means that if the certificate is missing, there is no encryption and the user's data is at risk.

How to get an SSL certificate?

You can purchase an SSL certificate from domain name providers like GoDaddy, Namecheap or BigRock. But that is not cheap, it has to be renewed every year, and installing the certificate on your server takes a bit of effort as well (the exact steps vary depending on your OS and web server).

Better alternate - LetsEncrypt!

LetsEncrypt is a non-profit organization trying to make the internet a more secure place by providing free and automated SSL certificates to everyone. The certificates last for 90 days, after which they have to be renewed. A cron job can be set up to keep renewing the certificates automatically.

Introducing CertBot

Certbot is an awesome utility which can be installed on any server where your website resides. On the Certbot instructions page, you select your OS and web server and it gives you a list of instructions on what to install and what to do. These are pretty much self-explanatory. For example, if I select Nginx and Ubuntu 18.04, I am presented with these instructions:


1) SSH into your server
2) Add the Certbot PPA

Here we are just adding the Certbot repository to our server, so that we can install it with the apt package manager in the next step.

3) Install Certbot

Once we have added the repository in the previous step, we install the Certbot tool here, just like any other Ubuntu utility.

4) Install SSL on your domain with this single command

There is no further step after this: Certbot obtains the certificate, edits your web server configuration and restarts the web server. It will even set up the redirection from HTTP to HTTPS in your web server configuration automatically.

5) Renew in 90 days

This is just one single command, which can be set up as a cron job or run manually every 90 days. You will also receive an email when your certificate is about to expire!
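The five steps above, collected into one script as an added example (this is not code from the original post or from the Certbot project). It assumes Ubuntu 18.04 with GNU coreutils and openssl installed, the Ubuntu 18.04 package names from the Certbot instructions, and a hypothetical domain passed in as an argument; the last two functions add the check a practitioner wants alongside the cron job, namely reading the expiry date of the certificate actually being served and flagging it when fewer than 30 days remain (the threshold Certbot itself uses when deciding whether to renew).

```bash
#!/usr/bin/env bash
# Added example: Certbot on Ubuntu 18.04 + Nginx, plus a cron-friendly expiry check.
# Assumes GNU date (date -d) and openssl are available on the server.
set -eu

install_certbot() {          # steps 2 and 3: add the PPA, then install Certbot and its Nginx plugin
  sudo apt-get update
  sudo add-apt-repository -y ppa:certbot/certbot
  sudo apt-get install -y certbot python-certbot-nginx
}

issue_certificate() {        # step 4: obtain the certificate; Certbot edits the Nginx config itself
  # --redirect asks explicitly for the HTTP -> HTTPS redirect mentioned in the post
  sudo certbot --nginx -d "$1" --redirect
}

# Step 5, as a cron entry (runs daily; Certbot only renews when < 30 days are left):
#   0 3 * * * certbot renew --quiet

# Given a "notAfter=..." line from `openssl x509 -noout -enddate` and a "now"
# epoch, print the whole number of days until expiry (negative once expired).
days_until_expiry() {
  local end_line=$1 now_epoch=$2
  local end_epoch
  end_epoch=$(date -d "${end_line#notAfter=}" +%s)
  echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Fetch the certificate the server is really serving (not just the file on disk,
# so a renewal that never got loaded by Nginx is caught too) and return success
# when renewal is due, i.e. fewer than $threshold days remain.
check_domain() {
  local domain=$1 threshold=${2:-30}
  local end_line days
  end_line=$(echo | openssl s_client -servername "$domain" -connect "$domain:443" 2>/dev/null \
             | openssl x509 -noout -enddate)
  days=$(days_until_expiry "$end_line" "$(date +%s)")
  echo "$domain: $days days until expiry"
  [ "$days" -lt "$threshold" ]
}
```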

And you get all of this for free, with no registration of any kind required. If you really love LetsEncrypt and want to contribute, you can donate here: https://letsencrypt.org/donate/