Ok, so I have wanted to set up HTTPS on my personal sites for a long time now, but I haven’t done so. I also hadn’t really explored how to do it yet. I had heard about Let’s Encrypt, but when I had tried it on my server I ran into some roadblocks since it was out of date. Here is what I tried and how I got it working. I tried to do this on a very simple site that just had HTML and CSS.
I created a new Linode, a small one, and set up Ubuntu 17.10.
I installed Apache and Python.
I followed the Let’s Encrypt setup here:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache
I needed to actually have the site set up before that last line would work. So I set up a git repository to push some of the HTML/CSS to. I created a new directory in /var/www, and then set it up using this script I had from a while ago.
$ python create_repo.py flipsidenews.git /var/www/flipsidenews.com/
I set up the Apache configuration here:
$ cd /etc/apache2/sites-available/
I copied over my new configuration. One thing to note was that usually I had ended the Apache configuration files just with the name of the website. This did not work here on this version of Ubuntu. I needed to have a file that ended in .conf before enabling it.
/etc/apache2/sites-available$ sudo mv flipsidenews.com flipsidenews.com.conf
/etc/apache2/sites-available$ sudo a2ensite flipsidenews.com.conf
Then I reloaded Apache
$ systemctl reload apache2
and then I tried the certbot setup again
$ sudo certbot --apache
This worked — I then set it up with both the www and non-www versions of the site. I took a look in the Apache sites-available directory afterwards and it looks like the certbot program rewrites these files. It does a rewrite on the original file, adding lines I did not write in there:
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.flipsidenews.com [OR]
RewriteCond %{SERVER_NAME} =flipsidenews.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
And then adds a new file flipsidenews.com-le-ssl.conf which contains the configuration on port 443.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin EMAIL
    ServerName flipsidenews.com
    ServerAlias www.flipsidenews.com
    DocumentRoot /var/www/flipsidenews.com

    <Directory /var/www/flipsidenews.com>
        Options Indexes FollowSymLinks
        AllowOverride All
    </Directory>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/flipsidenews.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/flipsidenews.com/privkey.pem
</VirtualHost>
</IfModule>
Then I tested out the site and it worked! Had the lock for the HTTPS setup. I needed to adjust some URLs to make sure the CSS was served on HTTPS too.
Test it out at httpS://flipsidenews.com.
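The URL adjustment mentioned above is a mixed-content fix: certbot's redirect only covers requests to the site itself, so any stylesheet or image the page still references with an absolute http:// URL gets blocked or downgrades the lock. The following is an added example, not code from the original post, that scans a page for such references; the sample markup and its file paths are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource; <a href> is navigation.
FETCH_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src",
               "source": "src", "audio": "src", "video": "src", "embed": "src"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

# Constructed sample page (hypothetical paths), not the author's real markup.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://flipsidenews.com/css/main.css">
<link rel="stylesheet" href="/css/print.css">
<style>
body { background: url(http://flipsidenews.com/img/bg.png); }
</style></head><body><a href="http://example.com/">out</a>
<img src="https://flipsidenews.com/img/logo.png"></body></html>
"""

class MixedContentFinder(HTMLParser):
    """Collect (line, where, url) for each subresource requested over http://."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        url = (attrs.get(FETCH_ATTRS.get(tag, "")) or "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((line, tag, url))
        # An inline style="...url(http://...)" also triggers a fetch.
        for css_url in CSS_URL.findall(attrs.get("style") or ""):
            self.findings.append((line, tag + "[style]", css_url))
        self.in_style = tag == "style"

    def handle_endtag(self, tag):
        self.in_style = False  # inside <style> only </style> is seen as a tag

    def handle_data(self, data):
        line = self.getpos()[0]  # line where this text chunk starts
        for m in CSS_URL.finditer(data if self.in_style else ""):
            hit_line = line + data.count("\n", 0, m.start())
            self.findings.append((hit_line, "style", m.group(1)))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling `find_mixed_content(open("index.html").read())` on each page before switching the site over lists the references to change to https:// or to relative paths.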