I switched all my websites to HTTPS around September 2013, when Eric Mill published a didactic post on his blog explaining how to setup HTTPS certificates on one's website for free. As others, I believe we need to make surveillance as expensive as possible. Making privacy the default on all my websites is a small contribution in this direction: for privacy not to be suspicious, privacy should be on by default over the Internet.
Switch to Let's Encrypt¶
This post used to be much longer, with instructions that are now out-of-date thanks to Certbot, the certification bot from Let's Encrypt. I was pleased to see that the process got smoother and much simpler than what it used to be. With Nginx, you can call Certbot as follows:
sudo certbot --nginx
If like me you prefer to update your configuration files by hand, you can use
the certonly subcommand:
sudo certbot --nginx certonly
Choose your website's FQDN from the list and proceed. Then, go to your website configuration and edit it as follows:
ssl_certificate /etc/letsencrypt/live/my.website.fqdn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.website.fqdn/privkey.pem;
Let's Encrypt certificates expire after 90 days, but certificates should be renewed automatically after 60 days by a Cron job installed automatically with your distribution (e.g. Debian).
Discussion ¶
There are no comments yet. Feel free to leave a reply using the form below.