How to secure your site using Lets Encrypt

If you have your own site, encrypting is something that should be mandatory. Not only does it makes your site secure against hackers/crackers but also google rank those sites higher who serve their site on https.

Here’s how you can secure your wordpress based site using certificate provide by Lets Encrypt.

Some background:

I am quoting the following direct from the Let’s Encrypt site:

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is one such CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.

If you have shell access (that is if you can connect to your host using PuTTY), you can follow the instructions provided here to install certbot.

Process:

Assuming your wordpress site runs on nginx web server on Debian 9, here’s how to do it:

Add the repository source in your sources.list:

deb http://ftp.debian.org/debian stretch-backports main

to your /etc/apt/sources.list (or add a new file with the “.list” extension to /etc/apt/sources.list.d/)

Then run:

sudo apt-get update

After that run following command to install the cerbot:

sudo apt-get install python-certbot-nginx -t stretch-backports

Press Y when a confirmation is asked to install the certbot.

After the installation complete, a setup process will begun, which will ask you details about the certificate. It will ask for an email address and to agree to the Terms and condition.
Then it will ask if you want them to share the email address with EEE (Electronic Frontier Foundation).

Now it should work, but if it doesn’t you will see an error like this:

If that’s the case, follow these steps:

Now run following command to start activating https:

sudo certbot --nginx

Then it will ask in what domain hosted on your server you want to activate the https for. You can just press enter to activate it for all domains or enter the number corresponding to the domain on which you want to activate https.
Then it will ask if you want to redirect all traffic to the site to https. Selecting this option will make changes to your nginx configuration to redirect any web requests to https.

You should get a confirmation that your site is being served via https.

Now your browser should show a padlock icon and it should be completely green.

But if in case it shows a warning like this:

Then just install a plugin called, “Realy Simple SSL” and activate it. After which you should get complete SSL:

Now you are all set. Congrats!

HTTPS Maintainence:

Once you have successfully installed certificates and activated it, you can refer this page to get the documentation required to maintain the certificate. You would also need to renew the certificates every 90 days if you are not setting up automation to do the same.

Some basic commands are:

List of All Certificates

certbot certificates

Use this command to see the list of all certificates installed on your server and to see when is their expiry dates.

Revoke a Certificate

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem

Use the command to revoke a certificate. It takes the path to the certificate file as parameter.

Renew a certificate

certbot renew

Use that command to renew a certificate.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.