Secure a website with ssl

Secure a website with ssl. My experience.

As all know Google announced a while ago their campaign “HTTPS everywhere” on the web.

So, as I am setting up a new website for a startup one of my priorities was to have the website secure.

As is a startup, I am trying to use as much as possible with open source.Therefore, I decided to not buy yet a SSL certificate, but using

One of mistake was to ask at the beginning a certificate only for www.startup.yyy part. The correct path is to ask for both and non www startup.yyy

Following their documentation on , in my case Apache and Debian 9.

 certbot --apache -d www.startup.yyy -d startup.yyyy

Running this command will get a certificate install on the server and have Certbot will edit Apache configuration automatically.

In case you want to setup Apache configuration manually use:

certbot --apache certonly -d www.startup.yyy -d startup.yyyy

In my case I run the first command.

root@debian ~ # certbot --apache -d www.startup.yyy -d startup.yyyy 

Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Which names would you like to activate HTTPS for? 
1: startup.yyy 
2: www.startup.yyy
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):webmaster@startup.yyyy 

Please read the Terms of Service at 

------------------------------------------------------------------------------- (A)gree/(C)ancel: 

A Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for startup.yyy tls-sni-01 challenge for www.startup.yyy 

Waiting for verification... Cleaning up challenges ..........

At this point I made another mistake, I choose to second option:

2: Secure - Make all requests redirect to secure HTTPS access

which causes an infinite redirect and me spending a couple of hours to solve it. I couldn’t find a proper solution, and in the end, I remove all the redirection of the vhost files.

As I am using Thirtybees open source - is working in Prestashop as well - I could use the back-end to enable SSL for all pages and get the website up and running under HTTPS.

comments powered by Disqus