SSL secured!

Thanks to letsencrypt.org my little blog is now SSL/TLS secured.

letsencrypt.org is a great way to make the web a better place, by offering a free and open Certificate Authority (CA). Everyone can receive certificates for their websites. Have a look at their website to learn more about it.

The process itself was a bit of work since godaddy.com, my hosting provider, does not offer a direct implementation of letsencrypt.org. Which makes sense if you consider that certificates are part of their sales program. Setting up a manual certification process was easy enough, although not quite straightforward. I had to dig in and find bits and pieces that were a bit tricky, at least on first glance. Or maybe I am again hunting zebras instead of horses. Luckily I mainly use a Mac to work on, I honestly wouldn’t know what to do on my Windows machine. Maybe I should give that a try some time.

To maybe make it easier for someone, here is what I did:

 

  1. Install homebrew
  2. Install certbot by using the following command in Terminal:
    brew install certbot
  3. Create the certificate using preferred challenge method (I chose http):
    certbot certonly --manual --preferred-challenge http
    (For this step you need to add a file to public_html/www/.well-known/acme-challenge, just follow the steps in Terminal to the letter)
  4. Once completed, you need to access /etc/letsencrypt/live/[your_blog] in order to get a hold of the cert files
  5. Login to cPanel  and go to Security – SSL/TLS
  6. Go to “Install and Manage SSL for your site (HTTPS)”
  7. You need to add both certificate and private key to your domain. The easiest way, in my opinion, is:
    1. Under “Install an SSL website”, select your domain
    2. Copy the certificate, private key and CA bundle as text into the respective text boxes
  8. Add an automatic http to https redirect
  9. Done!