Why secure Apache server with TLS/SSL certificate and how to do so using Let’s Encrypt–a free, automated, and open Certificate Authority

This weekend I learned something about HTTPS and the reasons for forcing all requests to redirect to https rather than letting requests go through as unencrypted http traffic.

In a nutshell, it is about security. HTTPS stands for “Hyper Text Transfer Protocol” with Secure Sockets Layer (SSL). It provides critical security and data integrity for the communications between the website and the users’ browsers, which in turn protects users’ personal information.
In the absence of SSL encryption, intruders can exploit unprotected communications through almost any unprotected resource, such as images, cookies or scripts, to trick users into giving up sensitive information and to create security vulnerabilities. They may also passively listen to unprotected HTTP communications between the website and its users.

Here is how to set up a TLS/SSL certificate on Linux (Ubuntu).
Update the local apt package indexes and install the Let’s Encrypt client:

sudo apt-get update
sudo apt-get install python-letsencrypt-apache


Run the interactive installation and obtain a certificate via the letsencrypt command, where YOURWEBSITE.com is your domain. The setup is quite straightforward: the letsencrypt client will automatically obtain and install a new SSL certificate for your domain.

sudo letsencrypt --apache -d YOURWEBSITE.com

Wait for the dependencies to be installed. After that, you will be presented with a step-by-step guide to customize your certificate installation options. First, you will be asked to provide an email address for lost key recovery. Second, you will be asked to choose between enabling both http and https access or forcing all requests to redirect to https. The safest option is to choose https, unless you have a specific need for unencrypted http traffic.

You can find the generated certificate files in the following directory:

/etc/letsencrypt/live

You can check your certificate at:

https://www.ssllabs.com/ssltest/analyze.html?d=YOURWEBSITE.com&latest

Test access to your website via an https prefix.
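
To confirm that the "redirect all requests to https" option chosen during setup is actually in effect, the check below sends one plain-HTTP request without following redirects and classifies the answer. It is an added example, not part of the original post or of the letsencrypt client; the function names are hypothetical, and YOURWEBSITE.com is the same placeholder used above.

```python
"""Check that plain HTTP requests are redirected to HTTPS (added example)."""
import http.client
import sys
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
PERMANENT_CODES = {301, 308}


def classify_response(status, location):
    """Return (ok, reason) for the first response to a plain-HTTP request."""
    if status not in REDIRECT_CODES:
        return False, f"no redirect (status {status}): content is served over HTTP"
    if not location:
        return False, "redirect without a Location header"
    # A relative Location or an http:// target keeps the browser on plain HTTP.
    if urlsplit(location).scheme.lower() != "https":
        return False, f"redirect does not point to https: {location}"
    if status not in PERMANENT_CODES:
        return True, f"redirects to https, but status {status} is temporary"
    return True, "permanent redirect to https"


def check_http_redirect(host, port=80, path="/", timeout=5):
    """Send one GET over plain HTTP (redirects not followed) and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_response(resp.status, resp.getheader("Location"))
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python3 check_redirect.py YOURWEBSITE.com
    domain = sys.argv[1] if len(sys.argv) > 1 else "YOURWEBSITE.com"
    ok, reason = check_http_redirect(domain)
    print(f"{domain}: {'PASS' if ok else 'FAIL'} - {reason}")
    sys.exit(0 if ok else 1)
```

A FAIL with "no redirect" means the site still answers over unencrypted http, which is the "both http and https" choice from the setup prompt.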

The newly generated certificate is valid for 60 or 90 days. You can choose to renew it manually:

sudo letsencrypt renew

Please note that the system will renew the certificate only if it is less than 30 days away from expiration.

Alternatively, you can set up auto renewal via a cron job:

sudo crontab -e

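Add the renewal command to the end of the crontab file. The first two fields are the renewal time (minute and hour) and the fifth field is the day of the week. For example, the line below runs the renewal every Monday at 02:30; adjust the time and day to suit:

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log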