In this article, I’ll show you how to set up HTTPS for your website, as long as you have shell/terminal access.

  • We host slothparadise on Amazon Web Services EC2, so we do have shell access to the website.

You should visit https://certbot.eff.org to get customized instructions for your operating system and web server. Let’s Encrypt has more information.

 

1.  Find out what type of web server and operating system you are using.

Open a terminal and ssh into your website.

ssh ubuntu@www.slothparadise.com

Once you are connected, the login banner shows which version of the operating system you are running.

Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-24-generic x86_64)

Next, you should find out what type of web server you are running. I know beforehand that I am running an Apache server, so I should check the status of Apache.

~$ sudo service apache2 status
* apache2 is running

As a result, at the certbot.eff.org website, I’ll select Apache for Software and Ubuntu 14.04 (trusty) for System.

 

2. Follow the instructions that pop up.

Next up is simply following the instructions for Certbot.

$ sudo add-apt-repository ppa:certbot/certbot

$ sudo apt-get update

$ sudo apt-get install python-certbot-apache

Type Y to continue.

Certbot is ready to use, but we still need to check whether port 443 is open.

 

3. Check if port 443 is open.

$ sudo apt-get install nmap

nmap is a useful tool on Ubuntu to see what ports you have open.

$ nmap localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-30 03:52 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

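nmap shows that I do not have 443/tcp open, so I need to open port 443. Note that scanning localhost only shows which ports have a service listening on the machine itself; the EC2 Security Group that filters traffic coming from the internet is configured separately, in the next step.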

 

4. Open port 443 if it’s not open.

Since I host the website on Amazon Web Services EC2, I have to visit https://aws.amazon.com and log into my account.

Once I’m on my dashboard, I need to visit EC2.

Next, I click on Running Instances.

I click on the running instance that I want to edit, and the checkbox becomes blue.

Afterwards, I look at the bottom of the page where there is additional information in the Description tab and click on the name of the Security Group.

If you click on Actions, you can Edit inbound rules of the Security Group.

For Edit inbound rules, we want to Add Rule HTTPS.

Hit Save.

 

5. Use Certbot to add HTTPS to your website.

$ sudo certbot --apache

You will get a message to choose whether to allow both HTTP and HTTPS access or only HTTPS. I like option 2, so I type 2 and hit Enter.

If everything worked properly, you should get a Congratulations message.

Now, you can visit your website with HTTPS. Huzzah!

 

Automatic HTTPS certificate renewal

You will also get a message that your certificate will only last 3 months, but luckily, it should renew by itself.

Your cert will expire on 2017-07-29. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"

However, the Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature.

You can check the certbot cron entries (automated scheduler):

vim /etc/cron.d/certbot

0 */12 * * * means every 12 hours.

To make sure that automatic renewal will work in the future, I like to test it by running the following command.

certbot renew --dry-run

 

Always redirect to HTTPS

On Apache, the .htaccess file controls the redirection to HTTPS.

You can follow Namecheap’s official documentation on how to force an HTTPS redirection.

.htaccess is typically found in the /var/www/html folder.

$ sudo vim /var/www/html/.htaccess

In my .htaccess file, I made sure to have a section with the following:

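<IfModule mod_rewrite.c>
RewriteEngine On
# Send requests for hosts without a leading www. to the HTTPS www. site
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteBase /
# Front-controller rules: serve existing files and directories as they are,
# and route every other request to index.php
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# Shows PHP errors to visitors; turn this off (0) on a production site
php_flag display_errors 1
</IfModule>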

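The most important part of this snippet is the RewriteRule that redirects to the https version of the website. Because of the RewriteCond above it, that rule only fires for requests whose host name does not start with www.; plain-HTTP requests to the www host are redirected by the rule Certbot added to the Apache configuration when I chose option 2.

Save the file and restart Apache.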

sudo service apache2 restart
 * Restarting web server apache2 [ OK ]

Your website should now always redirect to HTTPS.
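To confirm the redirect rather than assume it, check the response headers of a plain-HTTP request for each host name. The script below is an added example, not part of the original article: check_redirect is a hypothetical helper, and the three sample responses are constructed, not captured from the real site.

```shell
#!/bin/sh
# Added example (not from the original article): verify an HTTP -> HTTPS redirect.
# check_redirect is a hypothetical helper. It reads response headers on stdin:
#   curl -sI http://www.slothparadise.com/ | check_redirect
# Exit status is 0 only for a 301 whose Location is an https:// URL.
check_redirect() {
    headers=$(tr -d '\r')    # HTTP header lines end in CRLF; drop the CR
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    # Header names are case-insensitive; use the first Location header.
    location=$(printf '%s\n' "$headers" | awk '
        tolower($0) ~ /^location:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')

    if [ "$status" != "301" ]; then
        echo "FAIL: status ${status:-missing}, expected a 301 redirect"
        return 1
    fi
    case "$location" in
        https://*) echo "OK: 301 -> $location"; return 0 ;;
        "")        echo "FAIL: 301 without a Location header"; return 1 ;;
        *)         echo "FAIL: 301 points at non-HTTPS URL $location"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from the real site).
# 1. Non-www host, matched by the RewriteCond in .htaccess.
sample_non_www() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://www.slothparadise.com/\r\n\r\n'
}
# 2. www host over plain HTTP when nothing redirects it (page served as-is).
sample_www_plain() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}
# 3. A permanent redirect that stays on HTTP (lower-case header name).
sample_http_target() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'location: http://www.slothparadise.com/\r\n\r\n'
}

for sample in sample_non_www sample_www_plain sample_http_target; do
    printf '%s: ' "$sample"
    "$sample" | check_redirect || true
done
```

Run the curl command from the comment against both the www and the non-www host name; each one should report OK.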