Remember the good old times when most of the internet websites out there were just plain http ? only ones that collected payment info bothered to protect their Client server communications with SSL certificate.
These days are gone, according to this article from the Google security Blog, Starting in July, Google Chrome will mark all HTTP sites as “not secure“, this comes to show us that HTTPS websites are now a standard and if your website isn’t SSL protected, its time to change it …
Now that we understand that SSL certs are no longer a “Nice to have” its time to understand what are our options .
Option 1 – If you are tech savy you can generate a self issued certificate, no need to validate anything, but the down side is that your cert wont be trusted by anyone, so this is a good option for internal sites that dont have any external access.
Option 2 – Go to one of the main certification authorities (Thawte, Digicert, Comodo and many more) and get yourself a cert. This is your best route if you are securing a corporate / e-commerce site. these certs include domain validation, which means these companies made sure that the entity behind this domain is real and trustworthy.
Option 3 -This option is best for people who have there own website, bloggers etc which dont really care about domain validation but do want to keep up with the industry standards, this post is for you .
Let me introduce you to “Let’s Encrypt” : Let’s Encrypt is an open source Certificate Authority. It offers RSA 2048-bit encryption. Getting a certificate and renewal is free and easy, you can have as many as you want.
Lets Encrypt uses a Certbot installer (if you have access to the server that runs your website), It automates certificate creation and installation. The only thing you will have to prove is that you are the owner of the domain name you are trying to get the cert for .
All you need to do is go to here and select the OS you are using and your web server.
For example , if you are using Apache on ubuntu, use these commands to install the certBot :
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
After installing the package, issuing the cert and updating Apache is easy.
sudo certbot --apache
sudo certbot --apache certonly
This process will create the certs AND update the apache config files with the settings.
Thats it !