TL;DR
Many websites in Asia still don’t use HTTPS (secure connections). This guide explains how to get an SSL/TLS certificate and enable HTTPS on your website, improving security and user trust. It covers checking current status, getting a free certificate with Let’s Encrypt, installing it using common web servers (Apache & Nginx), and forcing HTTPS redirection.
1. Check Your Current HTTPS Status
Before you start, see if your website already has an SSL/TLS certificate installed. You can use online tools:
- SSL Server Test: https://www.ssllabs.com/ssltest/ – This gives a detailed report.
- Qualys SSL Labs: Similar to the above, provides in-depth analysis.
If the test shows no certificate or an expired one, proceed with the following steps.
2. Get a Free SSL/TLS Certificate (Let’s Encrypt)
Let’s Encrypt is a free, automated and open Certificate Authority. Certbot is the recommended client for obtaining and installing certificates.
- Install Certbot: The installation process varies depending on your operating system. Check https://certbot.eff.org/instructions for specific instructions. For example, on Ubuntu:
sudo apt update sudo apt install certbot python3-certbot-apache # If using Apache sudo apt install certbot python3-certbot-nginx # If using Nginx - Run Certbot: This will automatically verify your domain and obtain a certificate.
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com # For Apache sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com # For NginxReplace yourdomain.com with your actual domain name.
Certbot will ask for an email address and agreement to terms of service.
3. Install the Certificate (Apache)
If you used Certbot with the Apache plugin, it usually handles this automatically. However, verify:
- Virtual Host Configuration: Check your Apache virtual host file (usually in /etc/apache2/sites-available/). It should include lines similar to:
<VirtualHost *:443> ServerName yourdomain.com DocumentRoot /var/www/yourdomain.com SSLEngine on SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem </VirtualHost> - Restart Apache:
sudo systemctl restart apache2
4. Install the Certificate (Nginx)
Similar to Apache, Certbot often automates this.
- Virtual Host Configuration: Check your Nginx virtual host file (usually in /etc/nginx/sites-available/). It should include:
server { listen 443 ssl; server_name yourdomain.com www.yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; ... } - Restart Nginx:
sudo systemctl restart nginx
5. Force HTTPS Redirection
Redirect all HTTP traffic to HTTPS for security.
- Apache (.htaccess): Add the following to your .htaccess file in your website’s root directory:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] - Nginx (Virtual Host): Add a redirect block to your Nginx virtual host configuration:
server { listen 80; server_name yourdomain.com www.yourdomain.com; return 301 https://$host$request_uri; } - Restart Web Server: Restart Apache or Nginx after making changes (as in steps 3 & 4).
6. Automatic Renewal
Let’s Encrypt certificates expire every 90 days. Certbot automatically sets up a cron job to renew them.
- Check Cron Job:
crontab -lshould show a line related to certbot renewal.
- Manual Renewal (if needed):
sudo certbot renew