Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04

Starting with Chrome 56, the browser developed by Google marks non-secure pages containing password and credit card input fields as Not Secure in the URL bar. The Mountain View giant announced this choice almost one year ago.
Of course, everybody knows that secure is better than insecure; but in this case, the big problem with HTTP is that it lacks a system for protecting communications between clients and servers. This exposes data to different kinds of attacks, for example the “Man in the middle” (MIM), in which the attacker intercepts your data. If you are using some transaction system with your bank, using credit card information, or just entering a password to log in to a web site, this can become very dangerous.
This is why HTTPS exists (HTTP over TLS, or HTTP over SSL, or HTTP Secure).
If you are on Unixmen, you probably know what this means: SSL/TLS ensures encrypted connections.
So, if your job is to keep a web server up and running, you should switch to HTTPS.
To encrypt the traffic between server and client, web servers use SSL certificates. Let’s Encrypt helps in obtaining and installing a trusted certificate for free.

In this tutorial we will see how to secure an Apache Web Server on Ubuntu 16.04 using Let’s Encrypt.

Install Let’s Encrypt

Let’s Encrypt provides client software which will fetch certificates almost automatically. This software is called Certbot, and the developers have their own Ubuntu repository with up-to-date versions.

So, first of all, we will add the repository:

# add-apt-repository ppa:certbot/certbot

Next, update the apt packages list:

# apt-get update

At this point, install Certbot:

# apt-get install python-certbot-apache

Install SSL Certificate

Once the Certbot client is installed, we can use it to obtain and install a new certificate for our server. It is possible to use a single certificate for many subdomains (or even domains). This can be done by passing all the domains as certbot arguments.

# certbot --apache -d www.example.com -d example.com

Certbot will present a step-by-step process to customize certificate options, and to enter information like email address. This last one will be used for key recovery. During the process it is possible to choose which protocol to enable: both HTTP and HTTPS, or HTTPS alone, which means that all requests will be automatically redirected. Of course, the best choice is to use only HTTPS, unless there are serious reasons to use unencrypted traffic to your server.

Testing Certificate

To verify the status of the SSL certificate, just go to the following link with a browser:

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com&latest

Certificates Renewal

Let’s Encrypt certificates last for 90 days, so it’s up to you to renew them. Using Certbot, you can test the automatic renewal system with this command:

# certbot renew --dry-run

If it works, you can add a cron or systemd job to manage automatic renewal.
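
One way to write the job a cron entry would call, as an added example that is not part of the original tutorial: it runs certbot renew, then uses openssl x509 -checkend to report any certificate that is still close to expiry. The /etc/letsencrypt/live path is Certbot's default location; the 20-day threshold, the --run switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumptions: certbot's default
# live directory, a 20-day alert threshold, and the function names used here.
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}
ALERT_DAYS=${ALERT_DAYS:-20}

# expires_within FILE DAYS
# Succeeds if the certificate in FILE expires within DAYS. A file that openssl
# cannot parse also counts as expiring, so a broken certificate is reported.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# stale_certs DIR DAYS
# Prints every DIR/<name>/cert.pem that expires within DAYS.
# Returns 1 if any were printed, 0 otherwise.
stale_certs() {
    rc=0
    for pem in "$1"/*/cert.pem; do
        [ -e "$pem" ] || continue   # the glob matched nothing
        if expires_within "$pem" "$2"; then
            echo "$pem"
            rc=1
        fi
    done
    return "$rc"
}

main() {
    certbot renew --quiet || echo "certbot renew reported an error" >&2
    if ! stale=$(stale_certs "$LIVE_DIR" "$ALERT_DAYS"); then
        echo "Certificates expiring within $ALERT_DAYS days:" >&2
        echo "$stale" >&2
        exit 1
    fi
}

# Renew and check only when called with --run, e.g. from a daily cron job.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Certbot renews certificates that have less than 30 days left by default, so a certificate with fewer than 20 days remaining means renewal has been failing and needs attention before visitors see an expired certificate.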

Conclusion

We have seen how easy it can be to install an SSL certificate on an Apache Web Server, running on top of Ubuntu 16.04, by using the client software provided by Let’s Encrypt. At this point, if you go with your browser to https://www.example.com or https://example.com you will see that the site is correctly served through HTTPS.

The post Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04 appeared first on Unixmen.
