Updated the site with Lets Encrypt

I like to use secure communication as much as possible since we never know what new threats are out on the web. I don’t think I’ve got the skill set to battle of the best hackers, but stopping at least the script kiddies and such should be possible.

So first I ran a update so that I was sure everything is good to go.

sudo yum update

I then went and install git so that I can download the letsencrypt software.

sudo yum install git

I then downloaded letsencrypt and setup apache for ssl.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

cd /opt/letsencrypt

./letsencrypt-auto --apache -d example.com -d www.example.com

You get some questions and one of them are if you want http and https or redirect to https. I chose redirect since I want the site to always use https.

Letsencrypt puts the files in /etc/httpd/sites-enabled so I moved the to sites-avaliable and made a symlink to enabled instead.

After a restart of httpd the site is up and running with https 🙂

I then ran a test of the server on ssl labs ssl test.
It complained about SSLv3, so I had to fix that.

So I located ssl.conf under /etc/httpd/conf.d and located

SSLProtocol all -SSLv2

and added -SSLv3 to it.

Kurt

Leave a Reply

Your email address will not be published. Required fields are marked *