In my last post, I set up my firewall, DNS servers, and domain name. Now, I am ready to switch over from HTTP and handle all data requests on HTTPS.
User data should be transported securely using HTTPS, so I needed to buy an SSL cert. Thankfully, my friend in security told me there is a new-ish service called Let’s Encrypt that provides free SSL certs! I looked up a few tutorials, and thank heavens for DigitalOcean, there was a tutorial on setting up Let’s Encrypt on Ubuntu 16.04 (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04). I followed that tutorial all of the way until I got to the webroot command. For some reason, obtaining the necessary encryption files using webroot was not working for me, so instead, I had to use manual mode. In the tutorial they use the following command, “sudo letsencrypt certonly -a webroot –webroot-path=/var/www/html -d example.com -d www.example.com”. This didn’t work for me, so I had to use manual mode instead (see manual mode documentation here: https://certbot.eff.org/docs/using.html#manual).
After that quick fix, I continued through the tutorial. I chose to redirect all HTTP requests to HTTPS, adjusted my firewall, restarted nginx, and set up a cron job to renew my certificates every month. Once I finished up the tutorial (first link provided above), I had successfully configured HTTPS.