If you’re running a website, you probably want it on Google. Google prefers websites that use HTTP and will rank you higher if you are running a secure website. Turning on HTTP for apache on a Raspberry is no different than setting it up on a larger computer. It used to be that you had to buy your SSL certificate. Now, you can use free services to get an SSL certificate for free!
Jump over to Let’s Encrypt to check it out! They’ve just issued their one billionth certificate, so you know it’s a valid service! This post walks you through the steps of getting your Apache website on HTTP.
First, install and configure apache on your Raspberry Pi. Once you’ve got the domain registered and your port forwarding set up, you can apply the Let’s Encrypt certificate. Since we’ve got shell access, you can just run the following commands to install the software and configure apache
sudo apt-get install certbot python-certbot-apache
Now that you’ve got the pieces installed, let certbot work its magic:
root@webs1:~# certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): www.betterdoneyourself.com Obtaining a new certificate Performing the following challenges: http-01 challenge for www.betterdoneyourself.com Waiting for verification… Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf Congratulations! You have successfully enabled http://www.betterdoneyourself.com You should test your configuration at: http://www.ssllabs.com/ssltest/analyze.html?d=www.betterdoneyourself.com
The nice thing about this install script is that it configures SSL for you and puts all the redirect stuff in your configs. Submit a new, secure site index to Google and you’re done! Now, just sit back and watch all the new (secure) traffic.
AND they’re easy to renew!