Secure a website with SSL

Secure a website with SSL. My experience.

As everyone knows, Google announced its “HTTPS everywhere” campaign for the web a while ago.

So, as I am setting up a new website for a startup, one of my priorities was to have the website secure.

As it is a startup, I am trying to use open source as much as possible. Therefore, I decided not to buy an SSL certificate yet, but to use letsencrypt.org.

One of my mistakes was to ask at the beginning for a certificate only for the www.startup.yyy part. The correct path is to ask for both the www and the non-www startup.yyy.

Following their documentation on certbot.eff.org, in my case for Apache and Debian 9:


 certbot --apache -d www.startup.yyy -d startup.yyy

Running this command will get a certificate installed on the server, and Certbot will edit the Apache configuration automatically.

In case you want to set up the Apache configuration manually, use:

 certbot --apache certonly -d www.startup.yyy -d startup.yyy

In my case I ran the first command.


root@debian ~ # certbot --apache -d www.startup.yyy -d startup.yyy

Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Which names would you like to activate HTTPS for? 
------------------------------------------------------------------------------- 
1: startup.yyy 
2: www.startup.yyy
------------------------------------------------------------------------------- 
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): webmaster@startup.yyy

Please read the Terms of Service at letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. 

-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for startup.yyy
tls-sni-01 challenge for www.startup.yyy
Waiting for verification...
Cleaning up challenges
..........

At this point I made another mistake: I chose the second option:

2: Secure - Make all requests redirect to secure HTTPS access

which caused an infinite redirect and cost me a couple of hours trying to solve it. I couldn’t find a proper solution, and in the end I removed all the redirection from the vhost files.

As I am using Thirtybees open source (this works in Prestashop as well), I could use the back-end to enable SSL for all pages and get the website up and running under HTTPS.
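
One way to see which hop sends the browser back in a redirect loop like the one described above is to request each URL without following redirects and print the chain. This is an added example, not part of the original post; it assumes curl is installed, and the function names next_hop, trace_redirects and check_site are made up here.

```shell
#!/bin/sh
# Added example: trace a redirect chain hop by hop and report loops.
# next_hop, trace_redirects and check_site are names made up for this example.

# Print "<status> <redirect target>" for one request without following it.
# curl's %{redirect_url} is the absolute URL it would follow (empty if none).
next_hop() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1"
}

# Follow redirects from $1 for at most $2 hops (default 10), printing each hop.
# Last line printed: "END <url>", "LOOP <url>", "TOO_MANY <url>" or "ERROR <url>".
# Returns 0 when the chain ends on a non-redirect answer, 1 on a loop or
# too many hops, 2 when a request fails or a redirect has no target.
trace_redirects() {
    url=$1; max=${2:-10}; seen=" "; i=0
    while [ "$i" -lt "$max" ]; do
        case "$seen" in *" $url "*) echo "LOOP $url"; return 1 ;; esac
        seen="$seen$url "
        hop="$(next_hop "$url") "          # trailing space keeps the split simple
        status=${hop%% *}; rest=${hop#* }; target=${rest%% *}
        echo "$status $url"
        case "$status" in
            301|302|303|307|308)
                [ -n "$target" ] || { echo "ERROR $url"; return 2; }
                url=$target ;;
            000|"") echo "ERROR $url"; return 2 ;;
            *) echo "END $url"; return 0 ;;
        esac
        i=$((i + 1))
    done
    echo "TOO_MANY $url"; return 1
}

# Trace all four entry points of a site, e.g.: sh trace.sh startup.yyy
check_site() {
    rc=0
    for scheme in http https; do
        for host in "$1" "www.$1"; do
            echo "== $scheme://$host/"
            trace_redirects "$scheme://$host/" || rc=1
        done
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_site "$1"; fi
```

Each printed hop shows the status code and the URL that answered, so the line just before LOOP identifies the URL whose redirect closes the cycle.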
