How to Switch to https for Free!

If you’re running a website, you probably want it on Google. Google prefers websites that use HTTP and will rank you higher if you are running a secure website. Turning on HTTP for apache on a Raspberry is no different than setting it up on a larger computer. It used to be that you had to buy your SSL certificate. Now, you can use free services to get an SSL certificate for free!

Jump over to Let’s Encrypt to check it out! They’ve just issued their one billionth certificate, so you know it’s a valid service! This post walks you through the steps of getting your Apache website on HTTP.

First, install and configure apache on your Raspberry Pi. Once you’ve got the domain registered and your port forwarding set up, you can apply the Let’s Encrypt certificate. Since we’ve got shell access, you can just run the following commands to install the software and configure apache

sudo apt-get install certbot python-certbot-apache

Now that you’ve got the pieces installed, let certbot work its magic:

root@webs1:~# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.betterdoneyourself.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.betterdoneyourself.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

Congratulations! You have successfully enabled
http://www.betterdoneyourself.com
You should test your configuration at:
http://www.ssllabs.com/ssltest/analyze.html?d=www.betterdoneyourself.com

The nice thing about this install script is that it configures SSL for you and puts all the redirect stuff in your configs. Submit a new, secure site index to Google and you’re done! Now, just sit back and watch all the new (secure) traffic.

AND they’re easy to renew!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.