July 26, 2018

How To Move From HTTP To HTTPS In WordPress Using Free SSL With Let’s Encrypt

It is a known fact that moving to HTTPS has its own advantages, mostly in terms of security, privacy and a search engine ranking boost. There has been a huge spike in the number of websites using HTTPS in the last year or so, and it has not gone unnoticed. Webmasters are now aware of the importance of moving from HTTP to HTTPS. Previously, the major issues webmasters faced were the price of an SSL certificate and the difficulty of setting one up for their domain. It was not required for bloggers who don’t run any mission-critical portals.

Now, there are many SSL providers like Comodo, StartSSL, Let’s Encrypt, etc., who provide free SSL certificates for everyone. Currently, Let’s Encrypt is one of the most widely used free SSL providers, with easy installation.

Advantages Of Using Let’s Encrypt:

  • Free SSL. (obviously)
  • Easy installation compared to other providers.
  • Available in all regions.
  • Validates domains without requiring MX records/email access.
  • Automatic renewal.

Disadvantages Of Using Let’s Encrypt:

  • No extended validation certificates.
  • No wildcard certificates.
  • Rate limits for certificate issuance.

Despite the disadvantages, I would recommend that you go for Let’s Encrypt. These points come into the picture only for legitimate websites and mission-critical portals. A regular blog isn’t affected by any of these.

How To Secure cPanel WordPress With Let’s Encrypt Free SSL

The easiest way is to use a hosting provider with built-in Let’s Encrypt support. Not every hosting provider will give you this pre-installed feature, but sources say that many have already started adding a Let’s Encrypt feature to their hosting system. As you can see, there are very few shared hosting providers who have already enabled this feature. So most likely, you have to go with Dreamhost or Siteground for now.

Setting up Let’s Encrypt in Dreamhost & Siteground:

Being among the popular WordPress hosting providers, they currently offer built-in Let’s Encrypt integration, which is very easy to use.

In Dreamhost, you only need to log in to your dashboard and, under the Domains section, click on Secure Hosting.

Then click on Add Secure Hosting. On the next page, you just need to select the domain and click on Add Now. This will initiate the process and your free SSL certificate with Let’s Encrypt will be set up.

In Siteground, log in to your cPanel and scroll down to the Security section. Under this, you will find the Let’s Encrypt icon; click on it.

This will take you to the installation page, where you need to select the domain and click Install.

For web hosts which do not provide this feature, you have to follow a lengthy procedure which differs from one host to another. Most providers, like Bluehost & Hostgator, have a guide to installing third-party SSL certificates on their web host. If you cannot find any such documentation, contact the hosting provider.

How To Secure Apache With Let’s Encrypt Free SSL On Ubuntu

For websites hosted on Apache, you need to run a few simple commands on the server to install and configure Let’s Encrypt. It’s easy to execute the commands if you have basic knowledge, but don’t mess around with the server if you are just a noob.

Step 1: Log in to the server

Make sure you log in with a username which has sudo access to the server.

Step 2: Update and Install Git

You need to update the package lists on the server and install git in order to download the Let’s Encrypt client directly from GitHub. Here are the commands.

sudo apt-get update 
sudo apt-get install git

Step 3: Download and install the Let’s Encrypt client

Running the following command will download the Let’s Encrypt client from the official repository. The files will be downloaded to /opt, which is a standard directory for third-party software.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Note: You can also install it to any other directory of your choice.

Step 4: Generate and Setup SSL certificate

Then access the letsencrypt directory.

cd /opt/letsencrypt

To execute the installation and obtain a certificate for the domain, use the second

./letsencrypt-auto --apache -d example.com -d www.example.com

(Replace “example.com” with your domain name.)

After executing them, you will be asked to customize the options and agree to the terms and conditions. Provide a proper email address for lost key recovery and notifications. Once the installation is finished, a congratulations message is displayed on your console.

Step 5: Setting up auto-renew for Let’s Encrypt certificates

Let’s Encrypt provides free SSL certificates which are valid for only 90 days. So, you need to renew the certificate every single time it is about to expire, which is a hectic process to do by hand. To overcome this, we have something called a cron job that will periodically execute the automatic renewal.

We now have to edit the crontab and create a new cron job that will run every week. Run the following command:

sudo crontab -e

Add this at the end of crontab:

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

How To Secure Nginx With Let’s Encrypt Free SSL On Ubuntu

For websites hosted on an Nginx server, we need to install Let’s Encrypt by executing a few commands in the server console. As I already mentioned, do not do it if you are not familiar with at least the basics of server management.

Step 1: Log in to the server

Make sure you log in with a username which has sudo access to the server.

Step 2: Update and Install Git

You need to update the package lists on the server and install git to download the Let’s Encrypt client directly from GitHub. Here are the commands.

sudo apt-get update

sudo apt-get -y install git

Step 3: Install the Let’s Encrypt client

Run this command to download the Let’s Encrypt client repository to the /opt directory.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Step 4: Generate and Setup SSL certificate

There are different ways of generating an SSL certificate. Here we are going to use one of the plugins, or authenticators, called “webroot” to obtain the SSL certificate.

Open the default file in the sites-available directory:

sudo nano /etc/nginx/sites-available/default

Add the below location block in the server block. Save and exit.

location ~ /.well-known {
    allow all;
}

Then go to the Let’s Encrypt directory:

cd /opt/letsencrypt

Now to initiate the installation, run this command.

./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com

Note: Replace /var/www/html with the path of the web root on your server, and example.com with your domain name.

The Let’s Encrypt installation has now been initiated. You will be asked to enter your email address and to agree to the terms and conditions. Once all that is done, a congratulations message will be displayed on the console.

You have now generated the required keys and files for SSL to work on the domain. All these files are stored in the Let’s Encrypt sub-directory.

Private key:

/etc/letsencrypt/live/example.com/privkey.pem

Your certificate:

/etc/letsencrypt/live/example.com/cert.pem

The intermediate certificates:

/etc/letsencrypt/live/example.com/chain.pem

Your certificate and intermediate certificates concatenated in the correct order:

/etc/letsencrypt/live/example.com/fullchain.pem

Step 5: Configuring SSL with the web server

Edit the Nginx configuration file which contains the server block (like we did previously). By default it’s:

sudo nano /etc/nginx/sites-available/default

In the server block, find the following lines and delete or comment them out.

listen 80 default_server;
listen [::]:80 default_server ipv6only=on;

Add these lines in the same server block:

listen 443 ssl;

server_name example.com www.example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Replace the domain with your domain name.

Finally, add this new server block above the previous one. This will redirect all the HTTP requests to HTTPS.

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

Save the file and exit.
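
As an added check that is not part of the original article, the script below lints a site file against the Step 5 layout: full-chain certificate, matching private key, a 443 listener, the 301 redirect, and no leftover plain-HTTP default_server listener. The helper name lint_tls_conf and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the article's code. lint_tls_conf is a hypothetical
# helper; its exit status is the number of findings (0 = matches Step 5).
lint_tls_conf() {
    active=$(sed 's/#.*//' "$1")    # ignore commented-out directives
    problems=0
    flag() { echo "WARN: $1"; problems=$((problems + 1)); }
    directive() { printf '%s\n' "$active" | awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2 }'; }
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }

    cert=$(directive ssl_certificate)
    key=$(directive ssl_certificate_key)
    # cert.pem alone omits the intermediates, so clients that do not
    # already hold them cannot build the chain.
    case $cert in
        */fullchain.pem) ;;
        *) flag "ssl_certificate should be fullchain.pem (found: ${cert:-none})" ;;
    esac
    # The key must come from the same live/<domain> directory as the cert.
    [ "$key" = "${cert%/*}/privkey.pem" ] || flag "ssl_certificate_key is not the privkey.pem next to the certificate"
    has 'listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl' || flag "no 'listen 443 ssl' directive"
    has 'return[[:space:]]+301[[:space:]]+https://' || flag "no 301 redirect from HTTP to HTTPS"
    if has 'listen[[:space:]].*80[[:space:]]+default_server'; then
        flag "plain-HTTP default_server listener is still active"
    fi
    return "$problems"
}

# Constructed sample: Step 5 applied, but cert.pem used instead of fullchain.pem.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
server {
    # listen 80 default_server;
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF
lint_tls_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against /etc/nginx/sites-available/default before reloading Nginx; a non-zero exit status means at least one Step 5 item is missing.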

Step 6: Setting up auto-renew for Let’s Encrypt certificates

Let’s Encrypt provides free SSL certificates which are valid for only 90 days. So, you need to renew the certificate every single time it is about to expire, which is a hectic process to do by hand. To overcome this, we have something called a cron job that will periodically execute the automatic renewal.

We now have to edit the crontab and create a new cron job that will run every week. Run the following command:

sudo crontab -e

Add this at the end of crontab:

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload
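
The weekly cron job in Step 5 (Apache) and Step 6 (Nginx) only appends to a log, so a failing renewal can go unnoticed until the certificate lapses. The added example below (not from the original article) checks how long a certificate remains valid using openssl; the helper name check_cert_lifetime, the 20-day threshold and the throwaway self-signed sample certificate are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not the article's code. check_cert_lifetime is a
# hypothetical helper meant for a daily cron job or monitoring probe.
# Exit status: 0 = valid for at least MIN_DAYS more days
#              1 = expires sooner, so renewal is overdue or failing
#              2 = certificate missing or unreadable
check_cert_lifetime() {
    cert=$1
    # Assumption: "renew" replaces certificates with under 30 days left, so
    # with a weekly job a healthy certificate stays above roughly 23 days.
    min_days=${2:-20}
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo "ERROR: cannot read certificate $cert"
        return 2
    fi
    not_after=$(openssl x509 -noout -enddate -in "$cert" | cut -d= -f2)
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -noout -checkend "$((min_days * 86400))" -in "$cert" >/dev/null; then
        echo "OK: $cert is valid until $not_after"
        return 0
    fi
    echo "WARN: $cert expires $not_after (under $min_days days); check /var/log/le-renew.log"
    return 1
}

# Constructed sample: a throwaway self-signed certificate valid for 10 days,
# standing in for /etc/letsencrypt/live/example.com/cert.pem.
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=example.com" \
    -keyout "$tmp/privkey.pem" -out "$tmp/cert.pem" 2>/dev/null
check_cert_lifetime "$tmp/cert.pem" 20 || echo "exit status: $?"
check_cert_lifetime "$tmp/cert.pem" 5
rm -rf "$tmp"
```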

Problems Faced By Using Let’s Encrypt:

Initially Let’s Encrypt had many problems in its beta stage, which have been rectified with time. Yet, there was one major problem which I faced:

Too many redirects error – Let’s Encrypt [ERR_TOO_MANY_REDIRECTS]:

Most of you must be aware of this error. It occurs when the redirection is not set up properly, or when there are too many redirections in the server which never end at one point, thereby forming an infinite loop, especially when you have high traffic hitting your server.

Solution: Use CloudFlare. In the dashboard, navigate to Crypto. Set the SSL encryption to “Full (Strict)”. 

Conclusion

I have personally used Let’s Encrypt on various blogs and so far, it’s working pretty well for me. But since it’s still not supported directly by many shared web hosts currently, you might have to think about it. If you are hosted on a VPS or dedicated server, go for it without any doubts. Despite the few problems I faced, Let’s Encrypt looks promising.

About the author 

Anvesh

