March 27th, 2018

5 Minutes Installation of Let’s Encrypt for your Server

This time we show you how to make your own server more secure in about 5 minutes with Let’s Encrypt. Let’s Encrypt is a Certificate Authority whose SSL/TLS certificates let you serve all domains on your server over HTTPS, protecting the traffic from unauthorized plaintext access.

Introduction

If you want HTTPS encryption for your website, you need a certificate from a Certificate Authority (CA). This can be done within a few minutes with Let’s Encrypt, for example. 

But before we start with the installation instructions, let us look at why HTTPS, and the SSL encryption behind it, is so important.

What is HTTPS and how does it work?

HTTPS is syntactically identical to HTTP but ensures that data transmitted over the Internet cannot be read as plain text by anyone who has access to the corresponding network. HTTPS therefore encrypts the data during communication between the client, i.e. the web browser, and the corresponding web server.

This encryption is implemented using SSL or its successor, TLS. Another important reason to upgrade your servers from HTTP to HTTPS is that Google’s web browser Chrome will probably no longer support HTTP from next year and will only accept HTTPS requests to guarantee security in their browser.

How does SSL work?

At the beginning of the server-client communication, the communication partners are identified and authenticated using the so-called SSL handshake protocol. Afterwards, asymmetric encryption is used to encrypt the website’s data. This is a method in which both communication sides generate their own key pair, each with a public and a private key, without needing to know the other side’s private key.

The public key is used to encrypt data for the owner of the private key, and the private key can decrypt the data encrypted with the public key.

SSL 3.0 (Secure Sockets Layer) was the last version of the SSL protocol. Since then, the successor has been standardized and further developed under the new name TLS (Transport Layer Security).

Let's Encrypt Installation

Heading over to the actual installation: Let’s Encrypt recommends Certbot as the ACME client. It’s only possible to use Certbot if you have root access to the server you are using. On the Certbot website, you will find installation instructions for each combination of web server software and operating system. Let’s assume an Apache server with Debian 8:

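Debian Backports

Certbot is installed from the Debian backports repository. First add the following line to your APT sources (for example in /etc/apt/sources.list):

deb http://ftp.debian.org/debian jessie-backports main

Then run the following command: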

apt-get update

All backports are disabled by default. Individual packages can be installed as follows:

apt-get -t jessie-backports install "package"

Certbot Installation

Now we move on to the actual installation of Certbot. Again, the installation requires only one line of code:

$ sudo apt-get install python-certbot-apache -t jessie-backports

After the installation is finished, you can start the client with the command “certbot --apache” and be guided through the configuration.

Configuration in the Certbot Client

If you do not want to create a certificate for all domains, you can deselect them individually. Certificates for these domains can, of course, be created later by running Certbot again.

During configuration, you can also choose to have all requests to an HTTP page automatically redirected to the corresponding HTTPS page. This configuration is then saved in “/etc/apache2/sites-available/” with the extension “-le-ssl.conf”.

Automatic renewal of Let's Encrypt certificates

Since Let’s Encrypt certificates are only valid for 90 days, they have to be renewed regularly. Certbot now comes with a cron job that renews all certificates automatically before they expire. It is highly recommended to use this function, as manual renewal of certificates is very time-consuming and error-prone. To test the automatic renewal you can use the following command:

$ sudo certbot renew --dry-run
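
A dry run only shows that renewal can work; to notice when the cron job silently stops, you can also monitor the certificate the server actually presents. The following check is an added example, not part of Certbot or the original article; it assumes Certbot's default of renewing once fewer than 30 days remain, and the function names and sample dates are constructed for illustration.

```python
import socket
import ssl
import sys
import time

RENEW_WINDOW_DAYS = 30  # assumption: Certbot's default renewal window

def days_left(not_after, now=None):
    """Whole days until notAfter (negative once the certificate has expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def classify(days):
    """Map remaining lifetime to a monitoring state."""
    if days < 0:
        return "EXPIRED"
    if days < RENEW_WINDOW_DAYS:
        return "RENEWAL_OVERDUE"  # the renewal job should already have run
    return "OK"

def fetch_not_after(host, port=443, timeout=5.0):
    """Return notAfter of the certificate served by host.

    The default context validates chain and hostname, so an expired or
    mismatched certificate raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(host):
    """One-line status for a live host, including failed validation."""
    try:
        days = days_left(fetch_not_after(host))
    except ssl.SSLCertVerificationError as exc:
        return "INVALID (%s)" % exc.verify_message
    return "%s (%d days left)" % (classify(days), days)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], check(sys.argv[1]))
    else:
        # Constructed sample: a 90-day certificate issued on 27 March 2018.
        sample = "Jun 25 12:00:00 2018 GMT"
        for now in ("Mar 27 12:00:00 2018 GMT", "Jun  1 12:00:00 2018 GMT"):
            d = days_left(sample, ssl.cert_time_to_seconds(now))
            print(now, "->", classify(d), d)
```

Run it with your domain as the only argument from a daily cron job on a different machine, and alert on anything other than OK.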

Recap

With the help of the new ACME client Certbot, installing and configuring Let’s Encrypt certificates has become much easier. Now even inexperienced server administrators can make their servers secure. It is definitely recommended to use this quick method to encrypt your web pages with HTTPS using SSL.


