SSL on web applications is the norm now. There are several obvious drawbacks of not using SSL on your domains, like man-in-the-middle and phishing attacks. But there are some other important reasons why you should consider moving your domain to HTTPS, even if you do not care about the security risks. First, browsers don’t trust non-SSL domains and indicate to the user in some way or the other that the website may not be safe. This impacts the brand value of your products. Second, it affects your organic traffic, as Google considers SSL one of the prominent ranking factors. So it becomes important from an SEO point of view as well to use SSL on your website/application.
An SSL certificate is basically a mechanism to digitally authenticate a website. These certificates are used to encrypt traffic between a user’s browser and a web server, which means that if the certificate is missing, there will be no encryption and the user’s data will be at risk.
You can purchase an SSL certificate from a domain name provider like GoDaddy, Namecheap or BigRock. But that is not cheap, it has to be renewed every year, and it takes a bit of effort to install the certificate on your server (how much varies depending on your OS and web server).
LetsEncrypt is a non-profit organization trying to make the internet a more secure place by providing free and automated SSL certificates to everyone. The certificates last for 90 days, after which they have to be renewed. A cron job can be set up to keep renewing the certificates automatically.
Certbot is an awesome utility which can be installed on any server where your website resides. On the certbot instructions page, you can select your OS and web server, and it will provide you with a list of instructions on how to install it and what to do. These are pretty much self-explanatory. For example, if I select Nginx and Ubuntu 18.04, I will be presented with these instructions:
Here, we are just adding the certbot repository to our local server, so that we can install it using apt package manager later.
Once we have added the repositories in the previous step, we install the certbot tool here, just like any other Ubuntu utility.
There is no next step left after this: it will edit your web server configuration and restart it. It will even set up redirection from HTTP to HTTPS in your web server configuration automatically.
This is just one single command, which can be set up as a cron job or run manually every 90 days. You will receive a mail when your certificate is about to expire!
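Since renewal depends on a cron job that can silently stop working, it helps to check the certificate's expiry date yourself rather than rely only on the reminder mail. The script below is an added example, not part of the original post or of certbot; the function names and the 30-day alert threshold are assumptions made for illustration, and the sample dates are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption for this example: alert once fewer than 30 of the 90 days remain,
# which leaves time to fix a broken cron job before visitors see warnings.
RENEW_WINDOW_DAYS = 30

def days_remaining(not_after, now):
    """Days until expiry. not_after is the 'notAfter' string from getpeercert()."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).total_seconds() / 86400

def renewal_status(not_after, now, window=RENEW_WINDOW_DAYS):
    """Classify a certificate by how close it is to expiry."""
    left = days_remaining(not_after, now)
    if left <= 0:
        return "EXPIRED"
    if left < window:
        return "RENEWAL_OVERDUE"
    return "OK"

def check_host(host, port=443, timeout=5.0):
    """Connect to a live server and classify its certificate (needs network)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An already expired (or otherwise invalid) certificate fails here.
        return "INVALID: " + exc.verify_message
    return renewal_status(not_after, datetime.now(timezone.utc))

if __name__ == "__main__":
    # Constructed sample values, evaluated against a fixed "now" so it runs offline.
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    samples = {
        "fresh 90-day certificate": "May 30 00:00:00 2024 GMT",
        "cron job stopped renewing": "Mar 11 00:00:00 2024 GMT",
        "already expired": "Feb 20 00:00:00 2024 GMT",
    }
    for label, not_after in samples.items():
        print(f"{label}: {renewal_status(not_after, now)} "
              f"({days_remaining(not_after, now):.0f} days left)")
```

Calling `check_host` with your own domain from a machine other than the web server also confirms that the renewed certificate is the one actually being served.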
And you will get all this for free, not even registration of any kind is required. If you really loved LetsEncrypt and want to contribute, you can donate here: https://letsencrypt.org/donate/