the itjerk

my adventures with technology

Tag Archives: website

let’s encrypt – free ssl

Let’s Encrypt is “a free, automated, and open certificate authority” from the ISRG (and now apparently the EFF), and a growing list of technology big-names. And in the sounds too good to be true department, they offer not only free ssl certificates, but an easy to use tool that configures your web server, or ACME – automated certificate management environment, in a just a few easy steps. Encrypting web traffic should be utilized not only with sites running e-commerce or email, but whenever the use of passwords is involved.

First step is to install the client via git:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Then run the config:

cd /opt/letsencrypt
./letsencrypt-auto --apache -d yoursite.com

The client will ask a few questions about the certificate you want to install. Most importantly, remember that you probably need to apply it to your default-ssl.conf. To test your new certificate, use SSLLabs website:

https://www.ssllabs.com/ssltest/analyze.html?d=yoursite.com&latest

The tutorial below even shows you how to add renewal options to cron for set and forget ease. Remember to git pull and stash to keep everything up to date. And most of all, it’s a free service!
On the web:

Let’s Encrypt – Free SSL/TLS Certificates

How To Secure Apache with Let’s Encrypt on Ubuntu 14.04

webhosting

Have you ever met anyone that is completely satisfied with their web host? Admittedly, one person's web host is certainly not another's. On one end of the scale, there are the complete "n00bs", those looking for template/one-click instant websites. In the middle are those that live for the control panel – options galore, lots of things to play with – but watch out when something doesn't work, aka the dreaded support-ticket. The other end are the experts, those that say "you keep the hardware running and bandwidth flowing and I'll take care of the software, thank you very much". You know, those that want c-o-n-t-r-o-l.

I've had surprisingly few web hosts over the past decade or so, Hostway and Dotster quickly come to mind. Neither were that bad at any one thing, but I'm not sure if I could find myself recommending either without qualification. Price, ease of use, uptime, yes, it's all fine and dandy, but did either earn superlatives, like "they're the best", "never had an issue", "great support"? Not really.

Enter Digital Ocean. They offer "droplets" – little virtual private servers you can create quickly. The price is right, $5 per month for your own little fluffy cloud on the internet, a 20GB SSD with 512MB RAM, and 1TB of Tier 1 bandwidth. You pick the OS, configure the DNS, and do EVERYTHING yourself. And there's the challenge: no control panel, no telephone support, no mail, scripts or templates: no nothing, other than shell access to your server. Ooooh, the geek in me wants one! And after a couple introductory email questions, I was presented with a $10 coupon, so yes, I took the bite and signed up.

And there I went, giving them a credit card, picking my OS, setting up a domain, and before I knew it, I was up and running. Next, after an apt-get update/upgrade and reboot, I installed LAMP, Drupal, vsftp, iptables, configured .htaccess and php mod_rewrite (for Drupal to work with clean urls), a few more apache2 tweaks, upload all of my website (which was the real chore), and viola, here I am, with a copy of my site running on a fully-functioning server that I configured by myself. Of course, I have one on my test server at home, but this one is in the cloud. Digital Ocean's documentation is very good and gets you most of the way there, though things like installing Drupal will only take you so far. But that's the fun of it – figuring it all out and making it work.

I am the web host.

On the web (referral link):
Digital Ocean Cloud Server/VPS