Thanks to letsencrypt.org my little blog is now SSL/TLS secured.
letsencrypt.org is a great way to make the web a better place, by offering a free and open Certificate Authority (CA). Everyone can receive certificates for their websites. Have a look at their website to learn more about it.
The process itself was a bit of work since godaddy.com, my hosting provider, does not offer a direct implementation of letsencrypt.org. Which makes sense if you consider that certificates are part of their sales program. Setting up a manual certification process was easy enough, although not quite straightforward. I had to dig in and find bits and pieces that were a bit tricky, at least on first glance. Or maybe I am again hunting zebras instead of horses. Luckily I mainly use a Mac to work on, I honestly wouldn’t know what to do on my Windows machine. Maybe I should give that a try some time.
To maybe make it easier for someone, here is what I did:
- Install homebrew
- Install certbot by using the following command in Terminal:
brew install certbot
- Create the certificate using preferred challenge method (I chose http):
certbot certonly --manual --preferred-challenge http
(For this step you need to add a file to public_html/www/.well-known/acme-challenge, just follow the steps in Terminal to the letter)
- Once completed, you need to access /etc/letsencrypt/live/[your_blog] in order to get a hold of the cert files
- Login to cPanel and go to Security – SSL/TLS
- Go to “Install and Manage SSL for your site (HTTPS)”
- You need to add both certificate and private key to your domain. The easiest way, in my opinion, is:
- Under “Install an SSL website”, select your domain
- Copy the certificate, private key and CA bundle as text into the respective text boxes
- Add an automatic http to https redirect