Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04

Starting with Chrome 56, the browser developed by Google marks non-secure pages containing password and credit card input fields as Not Secure URL 표시줄에. It was almost one year ago, when the Mountain View giant announced this choice.
물론, everybody knows that secure is better then insecure; but in this case, the big problem with HTTP is that it lacks a system for protecting communications between clients and servers. This exposes data to different kinds of attacks, 예를 들어, the “Man in the middle” (MIM), in which the attacker intercepts your data. If you are using some transaction system with your bank, using credit card infos, or just entering a password to log in to a web site, this can become very dangerous.
This is why HTTPS exists (HTTP over TLS, 또는, HTTP over SSL, 또는, HTTP Secure).
If you are on Unixmen, you probably know what this means: SSL/TLS ensures encrypted connections.
그래서, if your job is to keep a web server up and running on, you should switch to HTTPS.
To encrypt the traffic between server and client, web servers use SSL certificates. 하자 암호화 helps in obtaining and installing a trusted certificate 무료.

In this tutorial we will see how to secure an Apache Web Server on Ubuntu 16.04 using Let’s Encrypt.

Install Let’s Encrypt

Let’s Encrypt provides a client software which will fetch certificates almost automatically. This software is called Certbot, and the developers have their Ubuntu repository with up to date versions.

그래서, first of all, we will add the repository:

# add-apt-repository ppa:certbot/certbot

다음, 업데이트 apt packages list:

# -업데이트

이 시점에서, install Certbot:

# apt-get install python-certbot-apache

Install SSL Certificate

Once the Certbot client is installed, we can use it to obtain and install a new certificate for our server. It is possible to use a single certificate for many subdomains (or even domains). This can be done just passing all the domains as certbot 인수.

# certbot --apache -d www.example.com -d example.com

Certbot will present a step-by-step process to customize certificate options, and to enter information like email address. This last one will be used for key recovery. During the process it is possible to choice between which protocol to enable: both HTTP and HTTPS or HTTPS alone, which means that all requests will be automatically redirected. 물론, the best choice is to use only HTTPS, unless there are serious reasons to use unencrypted traffic to your server.

Testing Certificate

To verify the status of the SSL certificate, just go to the following link with a browser:

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com&latest

Certificates Renewal

하자 암호화 certificates last for 90 일, so it’s up to you to renew. Using Certbot, you can test the automatic renewal system with this command:

certbot renew --dry-run

그것은 작동 하는 경우, you can add a cron 또는 systemd job to manage automatic renewal.

결론

We have seen how easy can be to install a SSL certificate on an Apache Web Server, running on top of Ubuntu 16.04, by using the software client provided by Let’s Encrypt. 이 시점에서, if you go with your browser to https://www.example.com 또는 https://example.com you will see that the site will be correctly served through HTTPS.

게시물 Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04 에 처음 등장 Unixmen.

답을 남겨주세요