Setup free SSL from Letsencrypt
Since 2017 using https is strongly recommended coz it affect on a google page rank and search appearance. In order to use https instead of http you need to use trusted SSL certificate. Surely it's preferred to use some paid certiticates but you may also start with LetsEncrypt free SSL certs. The LetsEncrypt certificates are expiring every month but it's possible to automate re-issue and deploy process .
Let's say we have a website "user.com" with its files located at /home/user/public_html and we want it to be secured with the free SSL certs from Letsencrypt.
1. Create a directory for the certs:
2. Install Letsencrypt:
yum install git #in RHEL, Centos apt-get install git #in Debian, Ubuntu cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt
You may notice that the new directory appeared: /home/user/letsencrypt. It contains scripts we need for acquiring the certs.
3. As the free certs need to be reissued once per 3 months, it could be a good idea to add this command to cron on monthly schedule:
cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email firstname.lastname@example.org --agree-tos --webroot --renew-by-default -w /home/user/public_html/ -d www.user.com -d user.com --authenticator webroot && cp -f /etc/letsencrypt/live/www.user.com/cert.pem /home/user/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.user.com/chain.pem /home/user/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.user.com/fullchain.pem /home/user/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.user.com/privkey.pem /home/user/ssl_certificates/privkey.pem
4. If you manually execute the command above, you will have these files from Letsencrypt:
These files can be used in the webserver's conf file to have the website running over https.