I’m on HTTPS! Thank you Let’s Encrypt

I recently found out that Let’s Encrypt is a CA that provides free digital certificates. Copy pasta from their website –

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can

Awesome!

So this is my journey of how I moved to https.

Things started off smooth, I installed Certbot, a tool that simplifies the whole process. The installation is pretty straightforward.
After the installation is where we get down and dirty. I used the “automated” instructions of Certbot, because this is just a simple blog after all. If you want more customization, “advanced” instructions are for you.

And the pain begins….

After the installation, I ran the command

Ideally that should have done the trick. Buuuut I ran into a few problems.

 

So after a little help from all over the internet, I did a little troubleshooting.

  • Port 443 was not open. So I opened it up:

  • Then I had to enable SSL with Apache, and restart the server

     

All set! So I tried certbot again, but ran into the same issue. Hmmm… I did a quick check on the port and firewall configurations.

Hmmm… strange. No active firewall (that means I did not have “ufw”) and the port was up and kicking. But port 443 was still not accessible to the outside world.

 

Port 443 is closed

 

The next logical check was Amazon’s AWS settings (which is where this website is currently hosted). So I enabled traffic on port 443 through the AWS dashboard, reran certbot and it worked!
I was given an option to redirect all traffic to HTTPS. Being the audacious person that I am, I chose it.
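The situation above (port listening on the server, no host firewall, still closed from outside) can be told apart from a missing listener by how a TCP connect fails. The sketch below is an added example, not from the original post; the function names `probe` and `diagnose` and the message strings are made up for illustration. Run `probe` on the server against 127.0.0.1 and again from another machine against the public hostname.

```python
import socket
import sys

def probe(host, port=443, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"         # a reset came back: host reachable, port not accepting
    except socket.gaierror:
        return "unresolved"      # the name did not resolve; not a port problem
    except OSError:
        return "filtered"        # timeout or unreachable: packets dropped on the way

def diagnose(local, remote):
    """Combine a probe run on the server (local) with one run from outside (remote)."""
    if local != "open":
        return "no listener: enable the web server's TLS listener on 443 and restart it"
    if remote == "open":
        return "reachable: 443 is open end to end"
    if remote == "filtered":
        # AWS security groups discard disallowed traffic silently, so the
        # outside client sees a timeout rather than a refusal.
        return ("dropped on the way: with no host firewall active, check the "
                "cloud security group for an inbound rule on 443")
    if remote == "refused":
        return "rejected: check the host firewall and the address the listener is bound to"
    return "unresolved: fix DNS for the hostname before testing the port"

if __name__ == "__main__":
    # usage: python3 check443.py <host> [local-result]
    # local-result is what probe("127.0.0.1") printed on the server (default: open)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    local = sys.argv[2] if len(sys.argv) > 2 else "open"
    remote = probe(host)
    print(f"{host}:443 is {remote}")
    print(diagnose(local, remote))
```

A timeout from outside combined with an open result on the server itself points at filtering between the two, which is where the security group sits.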

And they lived happily ever after, right? But wait. There’s more!

Since certificates issued by Let’s Encrypt expire after 90 days, it’s convenient to use the auto renew option. I used cron jobs to do just that.

Save and Quit. This will try to renew our certificates every Sunday.

Adarsh
