You finished Part 4 - Installing Wordpress and you have your website, but it's not as safe as it should be - potential hackers could intercept your data.
This is probably not a problem for a very small website just displaying some information, but it will be if you run a web store that takes credit card payments, or a site that collects other sensitive information.
Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.
Luckily, there is a service available that will secure your site for free.
Make sure you are logged into PuTTY with your own username.
Installing Certbot
Let's install the service first:
sudo apt-get update
sudo add-apt-repository ppa:certbot/certbot
Hit Enter to continue, then
sudo apt-get install python-certbot-apache
Then type Y to continue. Now all that's left is to create a certificate for each of your sites:
sudo certbot --apache
Type your email when asked for one.
Type A to agree.
Choose whether you agree to share your email address with the EFF (that is entirely your choice).
You will be presented with a list of the domains and subdomains that you want to activate:
If you leave the choice blank and hit Enter, all your domains will be activated - otherwise choose which domain you want an SSL certificate for.
If all goes well, you will be asked whether you want to enforce encryption. This is usually the most prudent choice, so let's select 2.
Your certificate(s) should be created now.
Renewing certificate
Your "letsencrypt.org" certificate is set to self destruct after three months, so all we need to do now is create a cron job to auto-renew it when the time comes. First, go into root mode:
sudo -s
Then create a cron job:
crontab -e
Scroll to the bottom of the file and add:
0 2 * * Wed /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
This will check every Wednesday at 2AM whether your certificate is up for renewal, and will do so when possible. Finally, type
exit
Congratulations, your site is now served over an encrypted connection!
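A check to run alongside the renewal cron job, as an added example that is not part of the original tutorial: it reads a certificate's expiry date and reports when fewer than 30 days remain, which would mean the weekly renewal has not been succeeding. The function names and the 30-day threshold are assumptions of this example, and example.com is a placeholder hostname.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag a certificate that is close to
# expiry so a failing renewal cron job is noticed. Needs GNU date and openssl.
WARN_DAYS=30   # assumption: alert once fewer than 30 days remain

# Print the "notAfter=..." line of the certificate a live host serves.
fetch_enddate() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null
}

# secs_left "<notAfter=... line>" [now_epoch] -> seconds until expiry
secs_left() {
    end="${1#notAfter=}"
    # An empty string would be parsed by date as "today", so reject it.
    [ -n "$end" ] || return 2
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || return 2
    echo $(( end_epoch - ${2:-$(date +%s)} ))
}

# cert_status "<notAfter=... line>" [now_epoch]
# Prints a verdict; exit status 0 = fine, 1 = needs attention, 2 = no date.
cert_status() {
    secs=$(secs_left "$1" "$2") || { echo "UNPARSEABLE"; return 2; }
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"; return 1
    elif [ "$days" -lt "$WARN_DAYS" ]; then
        echo "RENEWAL_DUE ($days days left)"; return 1
    fi
    echo "OK ($days days left)"
}

# Live use, with a placeholder hostname:
#   cert_status "$(fetch_enddate example.com)"
```

Anything other than OK from a site that has been running for more than two months is a reason to read /var/log/letsencrypt-renew.log.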