In Part 6 of the tutorial we'll install SSL certificates and force the web server to serve SSL only.
It's recommended that you have read the previous steps of this course. You'll find the overview at the end of this blogpost.
Course ingredients:
12. Get free Let's Encrypt SSL certificates
Instead of buying a certificate at one of the many sources on the internet we'll create free certificates at Let's Encrypt. That's one of the advantages if you have your own remote server up and running. The freedom to choose whatever you would like to install.
Let's Encrypt recommends that most people with shell access use the Certbot ACME (Automatic Certificate Management Environment) client.
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
Install Certbot
Open a second session in a new terminal.
Switch to root user and navigate to /etc/apache2 directory.
su
cd /etc/apache2
apt update && apt install certbot python3-certbot-apache
Confirm with yes
13. Request certificate, active https and force SSL
Request a certificate for domain
certbot -d <DomainName>
For Apache
To use certbot for both a http://domain and http://www.domain use the following command:
certbot --apache -n -d domain.com -d www.domain.com --agree-tos --email admin@domain.com --redirect --expand
Without specifying both domains, you will get a certificate error for the domain not specified during creation.
Renew certificate
First check status of certificates:
systemctl status certbot.timer
Renew certificates:
certbot renew --dry-run
The Course Syllable:
22.05.2021 – Part 1
- Introduction & reasoning
29.05.2021 – Part 2
- Create Hetzner Cloud Server
- Connect to Server
05.06.2021 – Part 3
- Update and upgrade Ubuntu installation and install apache2
- Install PHP
12.06.2021 – Part 4
- Establish ssh keys
- Add new sudo user
- Deactivate root user
- Make new sudo user owner of ssh service
19.06.2021 – Part 5
- Buy Domain and point it to Hetzner Server
- Create Virtual Host for domain
26.06.2021 – Part 6
- Get free Let's Encrypt SSL certificates
- Request certificate, active https and force SSL
03.07.2021 – Part 7
- Install Git on Remote Server
- Create CI/CD user and ssh keys for Gitlab on Remote Server
10.07.2021 – Part 8
- Create Gitlab Repository
- Establish ssh keys and configure CI/CD
17.07.2021 – Part 9
- Install MySQL
- Install phpMyAdmin
24.07.2021 – Part 10
- Summary of project development workflow
- I'll be back – The course update log
See you next week for more
Johnnie