Why is an SSL certificate a must-have in 2020? Securing your websites with Let's Encrypt.

Jan 5, 2020

SSL certificates are becoming more and more important in today's market. Google updated its policy on SSL certificates back in 2017; as a result, any site that uses forms without an SSL certificate enabled is marked as "unsecured". Users may also get prompts warning that your website is unsafe. The lack of an SSL connection to your website will also result in a lower SEO ranking. There's really no excuse for not having an HTTPS connection on your website in 2020!

Let's encrypt your server!

Personally, I use Forge to manage most of my clients' servers. Forge is a great tool that, among other things, installs Let's Encrypt automatically on all managed sites.

If you don't have access to this solution, there's a more manual way to install Let's Encrypt, but you need to make sure your hosting provider supports the ACME protocol (without it there's no way to automate certificate renewals, and Let's Encrypt certs need to be renewed every 60 days). The lack of support for renewals essentially eliminates GoDaddy, among other providers.

You can use this list to check whether your hosting provider supports Let's Encrypt certificates.

To start with this tutorial you need:

  • Comfort with the command line
  • An HTTP website that is online with port 80 open
  • A server that you can access via SSH and run commands on as root

Using Certbot on your server

First, you need to SSH into your server as a user that has root privileges. We're going to use Certbot to automate renewals of your SSL cert. The examples in this tutorial use Ubuntu as the server's operating system.

Next, we need to install Certbot on your server. We start by adding the Certbot PPA to the list of repositories on the server.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Then we install Certbot:

## If you're using Apache
sudo apt-get install certbot python-certbot-apache

## If you're using Nginx
sudo apt-get install certbot python-certbot-nginx

Time to set up your certificate!

## If you're using Apache
sudo certbot --apache

## If you're using Nginx
sudo certbot --nginx

After running the command, you will be prompted to enter an email address that will receive information about your certificate status, and to fill in other details. After you provide the domains you want to encrypt, Certbot will take care of automatically renewing the certificates.

To install Certbot in other environments, please check the Certbot website for more information.
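
A check for the automatic renewal described above, as an added example that is not part of the original post: the script reads the expiry date of the certificate a site is serving and flags it when fewer than WARN_DAYS days remain, a sign that renewal may have stopped working. The 30-day threshold, the function names and the script name check_cert.sh are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: detect silent renewal failures by checking certificate expiry.
# Assumptions: openssl and GNU date (as on Ubuntu) are installed.
# To exercise the renewal path itself, run: sudo certbot renew --dry-run

WARN_DAYS=30  # assumed alert threshold in days; adjust to your renewal schedule

# Print the notAfter date of the certificate served on <host>:443.
cert_not_after() {
  echo | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Whole days (rounded down) from <now> (epoch seconds) until <not_after>.
days_left() {
  local not_after="$1" now="${2:-$(date +%s)}" end secs
  # An empty string would parse as "today", so reject it explicitly.
  [ -n "$not_after" ] || return 2
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
  secs=$(( end - now ))
  if [ "$secs" -ge 0 ]; then
    echo $(( secs / 86400 ))
  else
    echo $(( -((86399 - secs) / 86400) ))
  fi
}

# Classify a certificate end date: OK, RENEWAL_OVERDUE, EXPIRED or UNKNOWN.
renewal_status() {
  local days
  days=$(days_left "$1" "${2:-$(date +%s)}") || { echo "UNKNOWN"; return 2; }
  if [ "$days" -lt 0 ]; then echo "EXPIRED"; return 1
  elif [ "$days" -lt "$WARN_DAYS" ]; then echo "RENEWAL_OVERDUE"; return 1
  else echo "OK"
  fi
}

# Usage: ./check_cert.sh example.com   (non-zero exit suits cron or monitoring)
if [ -n "${1:-}" ]; then
  end_date=$(cert_not_after "$1")
  status=$(renewal_status "$end_date"); rc=$?
  echo "$1: $status (notAfter: ${end_date:-unavailable})"
  exit "$rc"
fi
```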

What's an SSL certificate and HTTPS protocol?

Don’t know the difference between HTTP and HTTPS? You’ll either see http:// or https:// at the start of your website URL.

HTTP stands for Hypertext Transfer Protocol, and HTTPS is an extension of it called Hypertext Transfer Protocol Secure. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL).

This means that your site is protected through authentication and encryption. When installed on the web server, an SSL certificate activates the padlock and the HTTPS protocol and allows secure connections to be made from a browser to the web server.

The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. The protocol protects against man-in-the-middle attacks, and the encryption of communications between a client and server protects against eavesdropping on and tampering with the data sent.

In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

Why aren't all websites using encrypted connections?

Well, there is one problem. The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates, which historically was expensive.

That's why fully authenticated HTTPS connections were more commonly found only on secured payment transaction services and other secured corporate information systems.

In 2016 a non-profit organization, Let's Encrypt, began to offer free server certificates to all! Thanks to this development, everyone can provide secure connections between their servers and clients.

My server provider is not allowing me to install Let's Encrypt, what should I do?

That's a bummer but not really that uncommon!

If your provider doesn't allow you to set up SSL certificates, I can recommend 2 great options for setting up your server: Digital Ocean and Linode, which have proved themselves over the years of working with clients around the world. For Polish customers, there's also another option, Zenbox (a shared hosting provider), which I use alongside Digital Ocean.

At the time of writing, the pricing is really similar, so it all comes down to personal preference (I prefer Digital Ocean). Using the links in this article, you can sign up for Digital Ocean and receive a $100 credit for your services, which will get you a performant server for a small website for up to 20 months.