
If your site doesn't support https and is only accessible via http, visitors will see a "Not secure" label next to the URL in Google Chrome when they visit your site. This will put off some privacy-conscious users, as they may not trust sites marked as insecure. Adding https encrypts the traffic between visitors and your site, so user data cannot be read or altered in transit, and it lets visitors verify that they are talking to your server rather than an impostor.

Adding https to your site is easy. First, you need to obtain an SSL certificate from a certificate authority (CA). You can purchase such certificates through your domain registrar or acquire them from websites such as letsencrypt.com. Let’s Encrypt is a free, automated, and open Certificate Authority provided by the non-profit Internet Security Research Group (ISRG).

Follow these steps to add an SSL certificate using Let's Encrypt. The steps are based on the CentOS and Apache platforms.

  1. To use a Let’s Encrypt certificate, we need to install Certbot. Before installing Certbot, you must first enable the EPEL repository. If you already have the EPEL repository enabled, you can skip this step:

    # yum -y install yum-utils 
    # yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
  2. Install Certbot by running the following command:

    # yum install python2-certbot-apache
  3. Run Certbot to generate the certificate and configure the Apache settings:

    # sudo certbot --apache
  4. After you run the above command, Certbot lists the domain names of all websites running on your server, as shown in the following example.

    Which names would you like to activate HTTPS for?  
            1: example1.com 
            2: www.example1.com        
            3: sub1.example1.com 
            4: example2.com 
            5: www.example2.com  
            Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 

    Rather than generating a single certificate for multiple domain names, it is recommended that you generate one certificate per domain. In this example, we will generate a certificate for the domain example1.com, including its subdomains www.example1.com and sub1.example1.com. To do this, enter 1, 2, 3 and Certbot will generate a certificate for your selected domain. It will also generate a virtual host configuration file at /etc/httpd/conf.d/example1.com-le-ssl.conf.

    Certbot will then ask whether or not to redirect HTTP traffic to HTTPS, which removes plain HTTP access:

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
            1: No redirect - Make no further changes to the webserver configuration. 
            2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.

    It is recommended that you select 2 to redirect all http requests to https.

  5. Repeat the above steps for other domains.
  6. Reload the Apache configuration by running:

    # systemctl reload httpd
  7. Your website is now https enabled. You can check whether https works by typing https://www.example1.com in a browser.
  8. After https access is enabled, you need to have Certbot renew the certificate automatically. To test automatic renewal for your certificates, run the following command:

    # sudo certbot renew --dry-run 

    If the command runs without errors, add a cron job as follows:

    # crontab -e

    Add the following line at the end.

    0       12      *       *       *       python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

    Save and exit crontab. 

After completing the above steps, your website can now provide secure HTTPS access. 
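
The script below is an added example, not part of the original steps or of Certbot. It checks the two things the procedure sets up: that plain http requests are redirected to https, and how many days the installed certificate has left before renewal must have happened. The script name, function names and sample inputs are made up for illustration.

```sh
#!/bin/sh
# Added example: post-install checks for the setup above (not Certbot code).
# Parsing lives in functions so it can also be run on captured output.

# is_https_redirect HEADERS HOST: succeeds if the response is a 301/302/307/308
# whose Location is https://HOST or a path below it.
is_https_redirect() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v host="$2" '
        NR == 1 { ok = ($2 ~ /^30[1278]$/) }
        tolower($1) == "location:" { loc = $2 }
        END { p = "https://" host
              exit !(ok && (loc == p || index(loc, p "/") == 1)) }'
}

# days_left ENDDATE NOW_EPOCH: whole days until the certificate expires.
# ENDDATE is the line printed by `openssl x509 -noout -enddate`.
days_left() {
    printf '%s\n' "${1#notAfter=}" | awk -v now="$2" '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        d = $2; y = $4; split($3, t, ":")
        if (m <= 2) { y--; m += 12 }        # count the year from 1 March
        days = 365*y + int(y/4) - int(y/100) + int(y/400)
        days += int((153*(m-3) + 2) / 5) + d - 719469   # days since 1970-01-01
        end = days*86400 + t[1]*3600 + t[2]*60 + t[3]
        printf "%d\n", int((end - now) / 86400)
    }'
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example1.com/\r\n')
SAMPLE_ENDDATE='notAfter=May 30 12:00:00 2025 GMT'

# Live check, needs network, curl and openssl:  sh check-https.sh www.example1.com
if [ -n "${1:-}" ]; then
    if is_https_redirect "$(curl -sI --max-time 10 "http://$1/")" "$1"; then
        echo "redirect: ok"
    else
        echo "redirect: MISSING"
    fi
    end=$(echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
          openssl x509 -noout -enddate)
    echo "certificate days left: $(days_left "$end" "$(date +%s)")"
fi
```

If the reported number of days keeps falling toward zero, the cron job from step 8 is not renewing the certificate and should be investigated.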
