When we connect to a web server, we send packets of data to it. By default, with HTTP, those packets are readable (and sometimes editable) by people between you and the server.
📖 Resources
SSL certificates allow your browser to communicate with any server with no fear of someone being able to intercept your communications.
Technically, a certificate is a document proving the ownership of an encryption key.
⚠️ warninga frequent misconception with SSL certificates is they can prevent pirates from doing harm to you. SSL certificates is about securing your communications with a server, it does not guarantee that the server has good intentions
Setting up SSL certificates manually is extremely complicated to get right. Hopefully, amazing guys created tools allowing us to install certificates easily on servers.
Also, SSL certificates used to be paid (and expensive), but thanks to services like Let's Encrypt, we can get simple SSL certificates for free. Some advanced SSL certificates are still paid.
Certbot (create by the EFF) automates SSL certificates installation on most operating systems and web servers.
Let's tell our server where to look for certbox
apt update
apt install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt updateand let's install it:
apt install certbot python-certbot-nginxBefore everything, we should nginx to listen to a specific domain name:
nano /etc/nginx/sites-enabled/<something>and replace server_name: _ by server_name: <domain.tld>. Then restart nginx (and check the domain name works).
Then, let's run certbot:
sudo certbot --nginx🃏 hints
- use the domain you have linked to this server's IP
Go to https://<host>, you should see a green lock on your browser.
Let's also test that the auto-renewal works:
certbot renew --dry-runℹ️ information
Let's Encrypt certificates are only valid 90 days and need to be renewed at this interval. Thanksfully, certbot automates it for us by creating a Cron job.
We got HTTPS working, let's deploy something real now!