SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. If you have a website, you should always install an SSL certificate, not only for the safety of your website visitors but also to improve your search engine rankings. How it works though is past my knowledge, I just make sure all my websites load only in HTTPS. That prevents browsers from showing a warning message about my sites not being secure and gives my site visitors more trust. It also shows that you care about your website visitors and search engines see this and prefer to rank https sites over http sites and pages.
If you didn´t already know, SSL does not cost, it is free through LetsEncrypt. Many hosting companies will try to sell you an SSL certificate through Comodo or some other company. The way I see it, if SSL is the norm and being pushed onto us by browsers and search engines, it should be free, not an added expense to make a minority of companies rich whilst adding another expense to a startup website or business. I like Lets Encrypt, they tick all the boxes to what I fight for in the online world.
Ok so lets install Lets Encrypt on a Digital Ocean droplet running LAMP on Ubuntu 16.04. The guide below will show you how to do it step by step and also set a cronjob to renew the certificate automatically. You can also use Lets Encrypt on a virtual host or multisite droplet.
- Open Putty or Terminal and SSH into your droplet
- sudo add-apt-repository ppa:certbot/certbot
- sudo apt-get update
- sudo apt-get install python-certbot-apache
- certbot –authenticator webroot –installer apache -d YOURDOMAIN
- At the prompt, enter 1 to use the web root. (/var/www/YOURDOMAIN/public_html/)
- Select “Redirect All” to run all traffic through HTTPS.
- If the domain is correctly setup and pointing to your droplet, you will get the “Congratulations” message. Next we setup a cronjob to auto renew SSL certificates on your droplet.
- sudo crontab -e
- Add the following line at the bottom of the crontab file:
0 13 * * 0 /usr/bin/certbot renew >> /var/log/le-renew.log
Save and exit the file, you are done!
You can change the cronjob to run at any time you like, I run it every day at 3pm. If you get a problem with your sites going offline, this is most probably because apache isn´t restarting after the Lets Encrypt cronjob. Just add this line to the crontab file which will automatically restart apache 1 minute after running the Lets Encrypt renewal job:
1 13 * * * root /etc/init.d/apache2 restart > /dev/null 2>&1
Now load up your site in a browser and enjoy the free SSL security and green shield, depending on which browser you use.
If you are running multiple sites on a single droplet and wish to add SSL certificates to more than one domain, just follow the steps from 5 to 9.