There was a time when SSL certificates were expensive. Now with Let's Encrypt and Certbot, you can have SSL certificates for free valid for three months renewable. And those certificates are necessary for you to enable HTTPS communication on your website.
A couple of points on why you need HTTPS:
Security By using HTTP, communication is not encrypted. For example, when one authenticates and sends his credentials to your server, the information will be transmitted in clear. Hence, a hacker could potentially capture communication and read your visitor's password.
SEO Google and other search engines nowadays list, in priority, the HTTPS websites. If you only serve HTTP on your website will be at the bottom of the list.
Image Do not underestimate it, but now most people are aware of security measures on the web. HTTPS is one of the most important measures to secure a website that also improves your credibility.
Fortunately, this is pretty easy nowadays, there are a couple of solutions to generate an SSL certificate for your website like ZeroSSL, but as I mentioned, we are going to use Certbot.
Certbot can generate certificates recognized by all modern browsers. It generates certificates with three months validity maximum, but you can renew for three months as long as you want. They also offer wildcard certificates, which I will not explain here (but in a future article).
Here is an example of how to use Certbot if you are using Nginx on Ubuntu 16.04.
First, once Nginx has been installed, define a simple configuration like:
server {
server_name yourdomain.com;
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
Then to install Certbot, use the following instructions:
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
Finally, just run:
sudo certbot --nginx
Certbot will automatically detect your domain (defined in server_name) and propose to generate an SSL for it. During the process, it will ask whether you want to force redirection from HTTP to HTTPS, I strongly recommend activating it.
Et voilร , your website is protected for the next three months.
The final touch, to automate the renewal of your certificate, schedule a cronjob. Add the following lines to your cron as a superuser (sudo crontab -e).
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/aws/bin:/root/bin
0 16 * * * certbot renew
0 4 * * * certbot renew
Here we are doing the verification twice every day to make sure the certificate will be renewed without any issue on the expiration day.