{"id":2873,"date":"2018-06-12T21:00:58","date_gmt":"2018-06-12T15:30:58","guid":{"rendered":"https:\/\/ravi.rajiniravi.com\/blog\/?p=2873"},"modified":"2018-06-16T17:03:59","modified_gmt":"2018-06-16T11:33:59","slug":"lets-encrypt-ssl-for-your-website","status":"publish","type":"post","link":"https:\/\/ravi.rajiniravi.com\/blog\/2018\/06\/lets-encrypt-ssl-for-your-website\/","title":{"rendered":"Let&#8217;s Encrypt SSL for your website"},"content":{"rendered":"<p>The entire web is moving to HTTPS encryption thanks to Google <a href=\"https:\/\/blog.chromium.org\/2018\/02\/a-secure-web-is-here-to-stay.html\" target=\"_blank\" rel=\"noopener\">announcing<\/a> that starting July, with Chrome 68, all HTTP sites will be marked as \u201cnot secure\u201d. They had earlier slightly <a href=\"https:\/\/webmasters.googleblog.com\/2014\/08\/https-as-ranking-signal.html\" target=\"_blank\" rel=\"noopener\">up-ranked sites<\/a> with HTTPS to nudge adoption of encryption, which seems to have worked to a certain extent. There is, of course, the highlighting of unencrypted forms by almost all browsers.<\/p>\n<p>This site is hosted on BigRock, which itself resells <a href=\"https:\/\/www.bigrock.in\/digital-ssl-certificate\/\" target=\"_blank\" rel=\"noopener\">certificates<\/a> from Rs.1,425\/year (+tax), which costs as much as the hosting itself! If you don&#8217;t want such an expensive solution to begin your SSL journey with, there is <a href=\"https:\/\/letsencrypt.org\/\">Let\u2019s Encrypt<\/a>. Let&#8217;s Encrypt gives free 3-month certificates that are as good as the best. 
If you are running on a Linux hosting plan and have cPanel access, here are the steps to set up SSL on your site.<\/p>\n<ol>\n<li>Generating a Private Key\n<ol>\n<li dir=\"ltr\">Log in to cPanel on your hosting service<\/li>\n<li dir=\"ltr\">In the <strong>Security<\/strong> section, click on <strong>SSL\/TLS Manager<\/strong><\/li>\n<li dir=\"ltr\">Under <strong>Private Keys (KEY)<\/strong>, click on <strong>Generate, view, upload, or delete your private keys<\/strong><\/li>\n<li dir=\"ltr\">Set the Key Size to <strong>2,048 bits<\/strong><\/li>\n<li dir=\"ltr\">Description can be blank; or name it if you want to identify the private key easily (helpful if you have multiple sub-domains)<\/li>\n<li dir=\"ltr\">Click on <strong>Generate <\/strong>to generate the <strong>Private key <\/strong>and keep it handy<strong><br \/>\n<\/strong><\/li>\n<\/ol>\n<\/li>\n<li>Generate a Public Key (Certificate Signing Request)\n<ol>\n<li dir=\"ltr\">Return to SSL Manager<\/li>\n<li dir=\"ltr\">Under <strong>Certificate Signing Requests (CSR)<\/strong>, click on <strong>Generate, view, or delete SSL certificate signing requests<\/strong><\/li>\n<li dir=\"ltr\">Select the Key you\u2019ve generated (the name you gave in 1.5 above helps)<\/li>\n<li dir=\"ltr\">Enter the domain name for which you\u2019d like to install SSL\n<ul>\n<li dir=\"ltr\">If you have subdomains, you can generate Wildcard certificates that allow you to secure a domain and any subdomains under that domain &#8211; read the &#8216;advanced option&#8217; section in the page<\/li>\n<\/ul>\n<\/li>\n<li dir=\"ltr\">Fill in the company details along with the email address<\/li>\n<li dir=\"ltr\">Set a random alphanumeric Passphrase<\/li>\n<li dir=\"ltr\">You can leave the Description blank<\/li>\n<li dir=\"ltr\">Click to <strong>Generate <\/strong>the <strong>Encoded Certificate Signing (CSR) Request<\/strong> and keep the CSR handy<\/li>\n<\/ol>\n<\/li>\n<li>Generate the Certificate &#8211; Use any one of the <a 
href=\"https:\/\/letsencrypt.org\/docs\/client-options\/\" target=\"_blank\" rel=\"noopener\">ACME clients<\/a> that Let&#8217;s Encrypt supports to verify that you control a given domain name and to get your certificate; I used SSL for free and the following steps are for the same.\n<ol>\n<li>Go to <a href=\"https:\/\/www.sslforfree.com\/\" target=\"_blank\" rel=\"noopener\">SSL for free<\/a><\/li>\n<li>Enter the domain name for which you&#8217;d want the certificate &#8211; Note that it has to be the same as 2.4 above<\/li>\n<li>Choose manual verification\n<ul>\n<li>All verification options &#8211; FTP, manual or manual (DNS) &#8211; are fairly easy but I found manual is a breeze<\/li>\n<\/ul>\n<\/li>\n<li>Click on Manual verification<\/li>\n<li>Follow the steps given\n<ol>\n<li>Download the file generated from the link given<\/li>\n<li>Create 2 folders in your domain; &#8220;.well-known&#8221; &gt; &#8220;acme-challenge&#8221;<\/li>\n<li>Upload the downloaded files to the &#8220;acme-challenge&#8221; folder<\/li>\n<li>Verify successful upload by visiting the link given<\/li>\n<li>Check the &#8220;I have my own CSR&#8221; box\n<ul>\n<li>Note: SSLforfree can directly generate private keys in your browser using the <a href=\"http:\/\/www.w3.org\/TR\/WebCryptoAPI\/\" target=\"_blank\" rel=\"noopener\">Web Cryptography API<\/a>. 
You can choose this option and not do Steps 1 &amp; 2 above with your hosting service provider.<\/li>\n<\/ul>\n<\/li>\n<li>Paste the CSR generated from 2.8 above<\/li>\n<li>Click Download SSL Certificate<\/li>\n<li>Download the certificate file or copy the <strong>CRT<\/strong> and <strong>CA Bundle <\/strong><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Install the Certificate\n<ol>\n<li dir=\"ltr\">Go to your cPanel<\/li>\n<li dir=\"ltr\">In the <strong>Security<\/strong> section, click on <strong>Manage SSL sites under Install and Manage SSL for your site (HTTPS)<\/strong><\/li>\n<li dir=\"ltr\">Select the domain name for which you want to set up the certificate<\/li>\n<li dir=\"ltr\">Now copy <strong>CRT<\/strong>, <strong>Private Key<\/strong> and <strong>CA Bundle<\/strong><\/li>\n<li dir=\"ltr\">Click on <strong>Install Certificate<\/strong><\/li>\n<li dir=\"ltr\">Click on <strong>OK<\/strong><\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">A few minutes later, check if the site is resolving on HTTPS.<\/li>\n<li dir=\"ltr\">Most Linux Hosting providers have the <em>mod_rewrite<\/em> module enabled and you can make use of this module to automatically redirect visitors from HTTP to HTTPS.\u00a0 All you need is the following code in the <em>.htaccess<\/em> file\n<ul>\n<li dir=\"ltr\">RewriteEngine On<\/li>\n<li dir=\"ltr\">RewriteCond %{HTTPS} off<\/li>\n<li dir=\"ltr\">RewriteRule (.*) https:\/\/&lt;common_name&gt;%{REQUEST_URI}\n<ul>\n<li dir=\"ltr\">The &lt;common_name&gt; is the name for which the Digital Certificate is issued, i.e., 2.4 above.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li dir=\"ltr\">Set the Address (URL) to HTTPS\n<ol>\n<li dir=\"ltr\">Log in to your WordPress site<\/li>\n<li dir=\"ltr\">Go to WordPress <strong>Dashboard<\/strong> &gt; <strong>Settings<\/strong> &gt; <strong>General<\/strong><\/li>\n<li dir=\"ltr\">Begin both the <strong>WordPress Address (URL)\u00a0<\/strong> and <strong>Site Address (URL) <\/strong>with 
HTTPS<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>That&#8217;s it, you are done with setting up SSL!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The entire web is moving to HTTPS encryption thanks to Google announcing that starting July, with Chrome 68, all HTTP sites will be marked as \u201cnot secure\u201d. They had earlier slightly up-ranked sites with HTTPS to nudge adoption of encryption, which seems to have worked to a certain extent. There is, of course, the highlighting of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3979,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"book_review_cover_url":"","book_review_title":"","book_review_series":"","book_review_author":"","book_review_genre":"","book_review_isbn":"","book_review_publisher":"","book_review_release_date":"","book_review_format":"","book_review_pages":"","book_review_source":"","book_review_rating":"","book_review_summary":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-2873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"jetpack_featured_media_url":"https:\/\/ravi.rajiniravi.com\/blog\/wp-content\/uploads\/2021\/01\/photo-1547139559-c89c59d117611.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/posts\/2873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/comments?post=2873"}],"version-history":[{"count":6,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/posts\/2873\/revisions"}]
,"predecessor-version":[{"id":2891,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/posts\/2873\/revisions\/2891"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/media\/3979"}],"wp:attachment":[{"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/media?parent=2873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/categories?post=2873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ravi.rajiniravi.com\/blog\/wp-json\/wp\/v2\/tags?post=2873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}