Skip to content

Latest commit

 

History

History
78 lines (51 loc) · 2.35 KB

5.ssl_certificates.md

File metadata and controls

78 lines (51 loc) · 2.35 KB

5. SSL Certficates

When we connect to a web server, we send packets of data to it. By default, with HTTP, those packets are readable (and sometimes editable) by people between you and the server.

📖 Resources

SSL certificates allow your browser to communicate with any server with no fear of someone being able to intercept your communications.

Technically, a certificate is a document proving the ownership of an encryption key.

⚠️ warning

a frequent misconception with SSL certificates is they can prevent pirates from doing harm to you. SSL certificates is about securing your communications with a server, it does not guarantee that the server has good intentions

5.1 Certbot and nginx

Setting up SSL certificates manually is extremely complicated to get right. Hopefully, amazing guys created tools allowing us to install certificates easily on servers.

Also, SSL certificates used to be paid (and expensive), but thanks to services like Let's Encrypt, we can get simple SSL certificates for free. Some advanced SSL certificates are still paid.

Certbot (create by the EFF) automates SSL certificates installation on most operating systems and web servers.

5.1.1 Installation

Let's tell our server where to look for certbox

apt update
apt install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt update

and let's install it:

apt install certbot python-certbot-nginx

5.1.2 Setup

Before everything, we should nginx to listen to a specific domain name:

nano /etc/nginx/sites-enabled/<something>

and replace server_name: _ by server_name: <domain.tld>. Then restart nginx (and check the domain name works).

Then, let's run certbot:

sudo certbot --nginx

🃏 hints

  • use the domain you have linked to this server's IP

5.1.3 Test

Go to https://<host>, you should see a green lock on your browser.

Let's also test that the auto-renewal works:

certbot renew --dry-run

ℹ️ information

Let's Encrypt certificates are only valid 90 days and need to be renewed at this interval. Thanksfully, certbot automates it for us by creating a Cron job.


We got HTTPS working, let's deploy something real now!