The SSL (Secure Sockets Layer) certificate will help your website show HTTPS sign. This means you can securely transfer information from point A and B. SSL is critical when transferring sensitive information. You might find why Google is forcing SSL certificate this year to be useful. In this guide, you will learn how to install SSL certificate from Let’s Encrypt on your websites.
Before we begin, here are 3 ways to add SSL to your website:
- Some hosts offer it for free.
- Some offer paid services and will implement the certificates for you.
- If you have the time and expertise, you can follow this guide to generate your own free SSL certificate.
Different types of SSL Certificates
There are different types of SSL certificates that will add authenticity and trust but it will depend on your needs. If you are an E-commerce website, you should go for Extended Validation (EV).
- Domain Validation or DV
- Organization Validation or OV
- Extended Validation or EV
Requirements for Installing Free SSL Certificate
Before we begin with what you need, it is important to note that you need full access and control of your web server.
A dedicated IP for your website (through a dedicated server or VPS). However, if you are on shared hosting, ask your hosting provider about installing Let’s Encrypt for you.
Important: You can use Server Name Indication (SNI) with one server IP and generate SSL for all sites on that server.
Have information about:
- IP address
- User password (SSH key authentication)
- Server username (admin or sudo privileges)
- Software (IIS, Apache, NginX etc)
- Operating system and version number (i.e Debian 7, Ubuntu, CentOs, etc)
How to Generate & Install SSL Certificate?
After you have figured out what all is needed, you can connect to your server and install a tool to generate an SSL certificate.
- After you log into your server, send SSH commands.
- For Mac, use Terminal, an inbuilt application.
- For Windows, you can download PuTTY.
Install SSL using Certbot: Step-by-Step
Here’s an example on how to install SSL certificate on Nginx on Ubuntu 14.04:
- With the help of IP address, username, and password connect your server over SSH.
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
- Getting started:
Run this command to get a certificate for you and Certbot will edit your Nginx Configuration automatically to serve it.
$ sudo certbot --nginx
- However, if you are uptight about the configuration of your Nginx, you can run the following command:
$ sudo certbot --nginx certonly
- You will need to provide an email address when prompted.
Agree to the Terms when asked.
Run the commands for Automating Renewal.
$ sudo certbot renew --dry-run
- Now, set up a cron or systemd job to automate the renewal process.
How Can You Do For Other Configurations?
After you have selected your software and system, Certbot website will generate instructions you need to follow to deploy SSL.
Important Things to do After You Install SSL Certificate
1. Secure Backup
The Certbot configuration directory contains your account credentials, certificate, and private keys. It is important to navigate to this location on your server and download a backup.
2. Automate Renewal
Since the Let’s Encrypt certificates are only valid for 90 days, you will need to automate this process to avoid manually renewals.
You can set the cron or systemd job to renew the certificate twice a day. Here are the steps to schedule the cron job that renews the SSL certificate:
- Connect to your server
- Run command: crontab -e
- Choose a text editor i.e. nano, if prompted.
- Run the following command:
52 0,12 * * * root /var/log/letsencrypt/certbot-auto renew --quiet
Note: Replace the location with the one provided when you generated the certificate.
Also, don’t forget to open your website and cross-check if the SSL has been installed or not.
3. Force HTTPS
Even though your site is now on HTTPS, the HTTP version of your site can still be accessed. You should force all visitors and search engines to see the HTTPS version. Also, take steps to fix mixed content warnings and update any proxy-based cloud services like CDNs to work with your new SSL certificate. You simply need to edit your .htaccess file.