How to have HTTPS on my website for free

Requirements:

  • A website to protect with full access to the server
  • 10-15 minutes

Once you have your website, like in the previous articles, for instance, running well on HTTP, you want to activate HTTPS.

Several reasons for that:

  • Security
    With HTTP the communications with the web server are not encrypted so, for example, you log in on that server, a hacker could potentially capture your communicate and read your password.

  • SEO
    Google and others nowadays list first HTTPS website, if you only have HTTP your website will be at the bottom of the list.

  • Image
    This is maybe something we may underestimate, but nowadays tech-savvy people are aware of security measures on the web. HTTPS being one of the most important measures to take to secure a website, it will increase your credibility to your audience.

So there are a couple of solutions to generate SSL certificate for your website easily like ZeroSSL but here I decided to talk about Certbot.

Certbot can generate certificate recognize by all modern browsers. It generates certificates with 3 months validity maximum, but you can renew for 3 months as long as you want. They started to offer wildcard certificate also recently.

Taking into consideration this very website, I used certbot to get my SSL certificate, and here is how.

First of all, I installed nginx on my server, and created a server definition for HTTP and pointing at a local folder.

server {
    server_name yourdomain.com;
    listen 80;
    
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

Then I followed the instructions from certbot website to install on my system: Ubuntu 16.04 with nginx.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Finally just run:

sudo certbot --nginx

Certbot will automatically detect yourdomain.com and propose to generate an SSL for it. During the process, it asks if you want to force visitors to use HTTPS by redirecting people arriving on HTTP to HTTPS. I recommend doing that.

Et voila, my website is protected for the next 3 months.

One last thing, if you want to have an automatic renewal of this certificate you can also add a cronjob. Add these lines to your list as a superuser (sudo crontab -e).

# The following will run the script on the 1st of Jan, Apr, Jul, and Oct at 03:30
30 03 01 Jan,Apr,Jul,Oct * certbot renew
Show Comments