Setting Up SSL For Your Sites

You can setup your server to serve websites using SSL. This is a two step process:

1.Generate an SSL certificate and configure Apache on your server to use SSL for this website

2.Enable the 'Force SSL' option in the Hub for this website to redirect all traffic to the SSL version of the website

This approach is based on using Certbot and Letsencrypt and using our recommended Linode hosting.

Initial installation of Certbot

This step only needs to be done once on your server

1. Connect to your server over SSH

2. Enter this command: sudo snap install core; sudo snap refresh core

3. Then this: sudo apt-get remove certbot

4. Then this: sudo snap install --classic certbot

5. Then this: sudo ln -s /snap/bin/certbot /usr/bin/certbot

Certbot is now installed.

Generating the Certificate and Configuring Apache

This step needs to be done once per website

1.Connect to your server over SSH

2.Issue the following. If prompted, issue ‘c’ to bypass the warning about the ssl conf file. (Replacing YOUR.EXAMPLE.COM with your actual site domain name in lowercase):

sudo certbot certonly --apache --domains YOUR.EXAMPLE.COM

3.Issue: vi /etc/apache2/sites-available/setseed.conf

4.You are now in a text editor. Hit i on the keyboard to enter insert mode, you’ll see insert show at the bottom left. Use the down arrow key to move the cursor down to the last line and then paste in the following. (Replacing YOUR.EXAMPLE.COM with your actual site domain name in lowercase):

<VirtualHost *:443>  
SSLEngine on
DocumentRoot /var/www/html/
<Directory /var/www></Directory>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
SSLCertificateFile /etc/letsencrypt/live/YOUR.EXAMPLE.COM/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/YOUR.EXAMPLE.COM/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/YOUR.EXAMPLE.COM/chain.pem

5.Hit Esc then type :wq then hit Enter. This saves and closes the file.

6.Repeat steps 2-5 for the non-www version of your domain as well.

7.Issue: systemctl restart apache2

8.Don’t forget to tick the ‘Force ssl’ option in the Hub for the site you’ve just enabled.