{"id":1492,"date":"2019-06-03T22:43:53","date_gmt":"2019-06-03T20:43:53","guid":{"rendered":"https:\/\/nuage.ch\/site\/?p=1492"},"modified":"2019-06-03T16:29:32","modified_gmt":"2019-06-03T14:29:32","slug":"use-lets-encrypt-to-secure-linux-servers-for-free","status":"publish","type":"post","link":"https:\/\/nuage.ch\/site\/use-lets-encrypt-to-secure-linux-servers-for-free\/","title":{"rendered":"Use Let&#8217;s Encrypt to secure Linux servers for free"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">An SSL web certificate secures your website by encrypting the communication between you and the computer the server is running on, and lets you be (almost) sure that what you see was not modified. You can tell that a connection is encrypted when the address of a website begins with &#8220;https:\/\/&#8221;.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As an example, my website is secured, as you can see in the URL.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"265\" height=\"62\" src=\"https:\/\/nuage.ch\/site\/wp-content\/uploads\/2019\/06\/image-6.png\" alt=\"\" class=\"wp-image-1494\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a> is a free certificate provider.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Why should you secure your site?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Because it&#8217;s free with <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>! 
It was very expensive a few years ago, but now you can get a good certificate for free.<\/li><li>Because your site looks more serious when running on https:\/\/<\/li><li>Because you care about your visitors.<\/li><li>Because it&#8217;s easy \ud83d\ude42 Setting up an SSL certificate was really hard a few years ago.<\/li><li>Because you will get a higher ranking on Google and other search engines.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How to secure it if you are just paying a hosting provider?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you don&#8217;t manage your domain yourself (as is the case for most people), many providers offer a Let&#8217;s Encrypt certificate for free with just a few clicks!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.infomaniak.com\/fr\/support\/faq\/2130\/installer-un-certificat-ssl-gratuit-de-lets-encrypt-sur-un-site\">Infomaniak<\/a><\/li><li><a href=\"https:\/\/www.ovh.com\/fr\/hebergement-web\/ssl_mutualise.xml\">OVH<\/a><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How to secure your domain if you have a VPS or dedicated server?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This tutorial focuses on Debian \/ Ubuntu with Apache 2.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The first step is to set up a virtual host served over HTTP (out of the scope of this article). 
You should be able to access your website using http:\/\/www.yourdomain.ch<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You then need to install certbot and python3-certbot-apache.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>apt-get install certbot python3-certbot-apache<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can then easily create an HTTPS version of your site.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>sudo certbot -tvv --apache -m you@yourmail.com --redirect --hsts --uir --reinstall -d www.yourdomain.ch<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you have multiple aliases of the same domain:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>sudo certbot -tvv --apache -m you@yourmail.com --redirect --hsts --uir --reinstall -d www.yourdomain.ch -d yourdomain.ch<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I highly suggest keeping different domains separate! Run the same command for each of them, and don&#8217;t use aliases for domains that have different purposes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then restart Apache using<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>sudo service apache2 restart<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, when you enter <strong>http<\/strong>:\/\/www.yourdomain.ch, you should be automatically forwarded to <strong>https<\/strong>:\/\/www.yourdomain.ch<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The certificates are only valid for 3 months&#8230; but that&#8217;s a good thing \ud83d\ude42 You need a script to renew the certificate automatically.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Test that the &#8220;renew command&#8221; is working correctly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>sudo certbot renew<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You should see something like: <em>Cert not yet due for renewal<\/em>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Add a cron job for the root user with a line that renews the certificate. 
The certificate is updated only if needed!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>sudo crontab -e<br>34 02 * * * (certbot renew; service apache2 restart) >>\/tmp\/certbot.log 2>&amp;1<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your certificate should now be set up correctly, and you don&#8217;t have to care about it anymore.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An SSL web certificate is a way to secure your website by encrypting the communication between you and the computer a server is running on and be (almost) sure that what you see was not modified. You see that a communication is encrypted when you have a &#8220;https:\/\/&#8221; at the beginning of a website. As [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10,11],"tags":[],"class_list":["post-1492","post","type-post","status-publish","format-standard","hentry","category-geek","category-linux-and-servers"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p50cYU-o4","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/posts\/1492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/types\/post"}],"
author":[{"embeddable":true,"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/comments?post=1492"}],"version-history":[{"count":0,"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/posts\/1492\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/media?parent=1492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/categories?post=1492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuage.ch\/site\/wp-json\/wp\/v2\/tags?post=1492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}