Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04

Starting with Chrome 56, the browser developed by Google marks non-secure pages containing password and credit card input fields as Not Secure in the URL bar. The Mountain View giant announced this choice almost one year ago.
Of course, everybody knows that secure is better than insecure; but in this case, the big problem with HTTP is that it lacks a system for protecting communications between clients and servers. This exposes data to different kinds of attacks, for example, the “Man in the middle” (MIM), in which the attacker intercepts your data. If you are using some transaction system with your bank, entering credit card information, or just entering a password to log in to a web site, this can become very dangerous.
This is why HTTPS exists (HTTP over TLS, or HTTP over SSL, or HTTP Secure).
If you are on Unixmen, you probably know what this means: SSL/TLS ensures encrypted connections.
So, if your job is to keep a web server up and running, you should switch to HTTPS.
To encrypt the traffic between server and client, web servers use SSL certificates. Let’s Encrypt helps in obtaining and installing a trusted certificate for free.

In this tutorial we will see how to secure an Apache Web Server on Ubuntu 16.04 using Let’s Encrypt.

Install Let’s Encrypt

Let’s Encrypt provides client software which will fetch certificates almost automatically. This software is called Certbot, and the developers have their own Ubuntu repository with up-to-date versions.

So, first of all, we will add the repository:

# add-apt-repository ppa:certbot/certbot

Next, update the apt package list:

# apt-get update

At this point, install Certbot:

# apt-get install python-certbot-apache

Install SSL Certificate

Once the Certbot client is installed, we can use it to obtain and install a new certificate for our server. It is possible to use a single certificate for many subdomains (or even domains). This can be done just by passing all the domains as certbot arguments.

# certbot --apache -d www.example.com -d example.com

Certbot will present a step-by-step process to customize certificate options, and to enter information like email address. This last one will be used for key recovery. During the process it is possible to choose which protocol to enable: both HTTP and HTTPS or HTTPS alone, which means that all requests will be automatically redirected. Of course, the best choice is to use only HTTPS, unless there are serious reasons to use unencrypted traffic to your server.

Testing Certificate

To verify the status of the SSL certificate, just go to the following link with a browser:

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com&latest

Certificates Renewal

Let’s Encrypt certificates last for 90 days, so it’s up to you to renew. Using Certbot, you can test the automatic renewal system with this command:

# certbot renew --dry-run

If it works, you can add a cron or systemd job to manage automatic renewal.
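
A scheduled renewal can stop working without anyone noticing, so it helps to run an expiry check next to it. The script below is an added example, not part of the original tutorial: it reads a certificate's notAfter date with openssl and reports whether renewal is overdue. The function names, the 20-day threshold and the need for GNU date are assumptions of this example.

```shell
#!/bin/sh
# Added example: warn when a certificate is closer to expiry than expected,
# which usually means the scheduled "certbot renew" job has been failing.

# cert_state "NOT_AFTER" WARN_DAYS [NOW_EPOCH]
# Prints OK, RENEWAL_OVERDUE, EXPIRED or UNPARSEABLE.
# NOT_AFTER is the date printed by `openssl x509 -enddate` (needs GNU date).
cert_state() {
    [ -n "$1" ] || { echo UNPARSEABLE; return 0; }
    expiry=$(date -u -d "$1" +%s 2>/dev/null) || { echo UNPARSEABLE; return 0; }
    now=${3:-$(date -u +%s)}
    left=$(( expiry - now ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -lt $(( $2 * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# check_cert PEM_FILE [WARN_DAYS]
# Exit status: 0 = OK, 1 = renewal overdue, 2 = expired or unreadable.
# WARN_DAYS defaults to 20, an assumed threshold for this example.
check_cert() {
    not_after=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2)
    state=$(cert_state "$not_after" "${2:-20}")
    echo "$1: $state (notAfter: ${not_after:-unknown})"
    case $state in
        OK) return 0 ;;
        RENEWAL_OVERDUE) return 1 ;;
        *) return 2 ;;
    esac
}

# Usage: sh check_cert.sh /path/to/cert.pem [WARN_DAYS]
# The certificate path is passed in by the caller; run it daily from cron
# or a systemd timer and alert on a non-zero exit status.
if [ $# -gt 0 ]; then
    check_cert "$@"
    exit $?
fi
```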

Conclusion

We have seen how easy it can be to install an SSL certificate on an Apache Web Server, running on top of Ubuntu 16.04, by using the software client provided by Let’s Encrypt. At this point, if you go with your browser to https://www.example.com or https://example.com you will see that the site will be correctly served through HTTPS.

Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04 first appeared on Unixmen.
