
Secure a site easily and for free with HTTPS

 


You probably all know Let's Encrypt, which lets you get a free TLS certificate (most people still say "SSL certificate") and move your site to HTTPS. But have you heard of Certbot, the tool from the EFF (Electronic Frontier Foundation) that obtains the certificate with a single command and configures your web server along the way?


I hadn't yet taken the time to try it, so today is the occasion for a quick tutorial. You'll see, it's fast and painless, and sooner or later you'll all have to go through it anyway.

So here is how to migrate a website (a WordPress site in my example, but it works with anything served by Apache or Nginx) from HTTP to HTTPS.


First step: install Certbot on your server.

I'll walk through it on Ubuntu; the Certbot site has the equivalent instructions for other distributions and web servers.


Download and install the package:

sudo apt-get update

sudo apt-get install software-properties-common

sudo add-apt-repository universe

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install certbot python-certbot-apache

Note that the last command installs the Apache plugin. If your server runs Nginx, install python-certbot-nginx instead (or in addition), otherwise the "certbot --nginx" command in the next step will complain that the plugin is missing. Also, the ppa:certbot/certbot repository has since been retired by its maintainers: on a current Ubuntu, use the certbot package from the distribution's own repositories or the snap package the EFF now recommends, and skip the add-apt-repository ppa line.

Second step: Generate the certificates.


If, like me, you use Nginx, run:


sudo certbot --nginx

And if you use Apache :

sudo certbot --apache

Certbot then lists your virtual hosts (the sites configured on this server). Enter the numbers of the ones you want to move to HTTPS. If it's your first time, I suggest doing it one site at a time. On a WordPress site, also consider disabling plugins first, because some of them can get in the way.


From there, Certbot obtains the Let's Encrypt certificates for the selected names and edits the Apache/Nginx configuration so that the site is served over HTTPS. One practical caveat: Certbot has to prove to Let's Encrypt that you control each domain, so the site's DNS must already point at this server and port 80 must be reachable from the Internet when you run it. Certbot also asks whether you want HTTPS only (2: Redirect) or want to keep serving plain HTTP as well (1: No Redirect).


I recommend option 2, which also avoids duplicate content between the HTTP and HTTPS versions of your pages. Certbot takes a few more seconds and the configuration is done. Wasn't that easy? Now test your site over HTTPS. You may run into "mixed content" warnings: the page itself is served over HTTPS but still loads images, scripts or stylesheets over plain HTTP, and browsers block or flag those. To fix them, correct the URLs in your theme, sometimes in your plugins, or set your site URL to HTTPS in your wp-config.php file like this:



define('WP_HOME', 'https://YOURSITE.com');

define('WP_SITEURL', 'https://YOURSITE.com');


If, despite this, your site is still reachable over plain HTTP, edit your virtual host and uncomment the part that 301-redirects HTTP to HTTPS (for Nginx, that is a server block listening on port 80 whose only job is to return a 301 to the https:// version of the same URL; Certbot writes one of these when you pick option 2). Here is what I have as an example under Nginx:
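As an added example (this is neither the author's configuration nor Certbot's code), here is a small Python script, standard library only, that checks the two things this section leaves you to verify by hand: that a plain-HTTP request gets a permanent redirect to the HTTPS version of the same host, and that a page contains no sub-resources still loaded over http://. The hostnames and the sample page are constructed.

```python
"""Post-migration checks: HTTP->HTTPS redirect and mixed content.
Added example, standard library only; hostnames and the sample page are constructed."""
import http.client
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse


def redirect_is_correct(status: int, location: Optional[str], expected_host: str) -> bool:
    """A correct migration answers plain HTTP with a *permanent* redirect (301 or 308)
    whose Location is the https:// URL on the same host. A 302, a redirect to another
    host, or a Location that is still http:// all count as failures."""
    if status not in (301, 308) or not location:
        return False
    target = urlparse(location)
    return target.scheme == "https" and target.hostname == expected_host


def check_http_redirect(host: str, path: str = "/") -> bool:
    """Live check: ask the server over port 80 and do NOT follow the redirect,
    so the first response can be inspected directly."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    try:
        conn.request("HEAD", path, headers={"Host": host})
        resp = conn.getresponse()
        return redirect_is_correct(resp.status, resp.getheader("Location"), host)
    finally:
        conn.close()


class MixedContentScanner(HTMLParser):
    """Collect sub-resources (images, scripts, stylesheets, frames, media) that a page
    served over HTTPS would still fetch over plain HTTP. Browsers block the "active"
    ones (scripts, stylesheets, frames) and flag the rest."""

    # tag -> attributes that carry a sub-resource URL
    ATTRS = {
        "img": ("src", "srcset"),
        "script": ("src",),
        "link": ("href",),
        "iframe": ("src",),
        "source": ("src", "srcset"),
        "video": ("src", "poster"),
        "audio": ("src",),
    }
    # <link> only fetches something for these rel values; rel=canonical is just metadata
    LINK_RELS = {"stylesheet", "icon", "preload", "prefetch"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Tuple[str, str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        attr_map = dict(attrs)
        if tag == "link":
            rels = set((attr_map.get("rel") or "").lower().split())
            if not rels & self.LINK_RELS:
                return
        for name in self.ATTRS.get(tag, ()):
            value = attr_map.get(name)
            if not value:
                continue
            # srcset holds comma-separated "url descriptor" pairs; plain src holds one URL
            for candidate in value.split(","):
                parts = candidate.split()
                if parts and parts[0].lower().startswith("http://"):
                    self.findings.append((tag, name, parts[0]))


def find_mixed_content(html: str) -> List[Tuple[str, str, str]]:
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one hard-coded theme stylesheet, one image with a srcset,
# and a few references that are NOT mixed content (https://, protocol-relative, <a href>).
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://yoursite.example/wp-content/themes/x/style.css">
<link rel="canonical" href="http://yoursite.example/">
</head><body>
<img src="https://yoursite.example/logo.png">
<img src="http://cdn.example/pic.jpg" srcset="http://cdn.example/pic-2x.jpg 2x">
<script src="//cdn.example/lib.js"></script>
<a href="http://other.example/">a link is navigation, not mixed content</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE_HTML):
        print(f"mixed content: <{tag} {attr}=...> -> {url}")
    # Live check against a real site (placeholder host): check_http_redirect("yoursite.example")
```

Run it as is to see the three findings in the sample page; point find_mixed_content at the HTML of your own front page (fetched over HTTPS) and check_http_redirect at your domain to check the live site. Protocol-relative URLs (//cdn.example/...) and https:// references are deliberately not reported, since they inherit or already use HTTPS.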




To test your TLS configuration, you can also use the SSL Labs service I've mentioned before, via this URL:


https://www.ssllabs.com/ssltest/analyze.html?d=YOURSITE.COM


Step 3: Automate the renewal of your certificates.

Wait, don't leave yet: you need to know that your certificate is only valid for 90 days. That's how Let's Encrypt works. But don't worry, with Certbot you can renew it with a single command, and the package schedules that command for you.


We'll first do a dry run to check that your certificates can be renewed without problems. To do this, run the following command (if certbot is not on your PATH, give its full path):

sudo certbot renew --dry-run


The command that renews your certificates automatically (certbot renew) has already been scheduled by the package, in one of these places depending on your system:

/etc/crontab

/etc/cron.*/*

a systemd timer, which you can see with: systemctl list-timers

Running it daily is harmless: certbot renew only replaces a certificate that is within 30 days of expiry (its default), so most runs do nothing. If your site keeps presenting the old certificate after a renewal, the web server was not reloaded; certbot's --deploy-hook option lets you run the reload command after each successful renewal.
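To go beyond the dry run, here is an added example (not from the original post or from Certbot) in Python, standard library only, that reads the expiry of the certificate a server actually presents, converts it into days remaining, and tells you whether it falls inside the 30-day window in which certbot renew acts. It also looks for the schedule files the Debian/Ubuntu certbot package installs; those paths are an assumption about that package, and the host name is a placeholder.

```python
"""Certificate expiry and renewal-window check. Added example, standard library only."""
import os
import socket
import ssl
import time
from typing import Optional

# certbot renew replaces a certificate once fewer than 30 days remain (its default),
# so a daily run is cheap and does nothing for roughly the first 60 of the 90 days.
RENEWAL_WINDOW_DAYS = 30

# Where the Debian/Ubuntu certbot package drops its schedule (assumption about that package).
SCHEDULE_CANDIDATES = (
    "/etc/cron.d/certbot",
    "/lib/systemd/system/certbot.timer",
    "/etc/systemd/system/certbot.timer",
)


def parse_cert_time(cert_time: str) -> int:
    """Seconds since the epoch for a time in the format ssl.getpeercert() uses,
    e.g. 'Jun  1 12:00:00 2025 GMT' (always UTC)."""
    return ssl.cert_time_to_seconds(cert_time)


def days_remaining(not_after: str, now: Optional[float] = None) -> float:
    """Days until the certificate's notAfter; negative once it has expired."""
    if now is None:
        now = time.time()
    return (parse_cert_time(not_after) - now) / 86400.0


def needs_renewal(not_after: str, now: Optional[float] = None) -> bool:
    """True when certbot renew would (or should already have) replaced this certificate."""
    return days_remaining(not_after, now) < RENEWAL_WINDOW_DAYS


def fetch_not_after(host: str, port: int = 443) -> str:
    """Live check: do a real TLS handshake, validating the chain like a browser would,
    and read the expiry of the certificate the server actually presents. A server that
    renewed on disk but was never reloaded still shows the old date here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def renewal_schedule_present() -> Optional[str]:
    """Return the first schedule file found, or None if nothing will run certbot renew."""
    for path in SCHEDULE_CANDIDATES:
        if os.path.exists(path):
            return path
    return None


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "yoursite.example"  # placeholder host
    not_after = fetch_not_after(host)
    left = days_remaining(not_after)
    print(f"{host}: certificate expires {not_after} ({left:.1f} days left)"
          + (", inside the renewal window" if needs_renewal(not_after) else ""))
    print("renewal schedule:", renewal_schedule_present() or "NOT FOUND, add a cron job or timer")
```

Run it with your domain as the first argument. The handshake uses the system trust store, so an expired or mis-chained certificate fails the check loudly instead of reporting a date, which is the behaviour you want from a monitoring script.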

And this time it's really over. You can forget all about it 🙂


I remind you that Let's Encrypt and Certbot are free, so please consider making a donation to support these services.


CrowdSec: a security guard for your server that turns away bad IP addresses





Cybersecurity is not only a matter of budget. It is also a matter of defensive tooling, of the technical perimeter you expose, of the connections you let in unfiltered and, above all, of a race against time.


So you need to be able to analyse those unfiltered connections in real time and pick out the malicious ones.


CrowdSec is a fully open source tool that combines two ideas server administrators already know well.


CrowdSec can automatically ban an IP address that misbehaves against your server, much like Fail2ban does.

And it can contribute those IPs to a database shared with the CrowdSec user community, much like AbuseIPDB, so that the information circulates quickly and everyone is protected in turn.

This lets you detect many types of attacks and respond to each one in proportion.
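To make the Fail2ban-style half of that idea concrete, here is an added example (not CrowdSec's or Fail2ban's code) in Python, standard library only: it reads OpenSSH "Failed password" lines as rsyslog writes them to /var/log/auth.log, bans an IP once it reaches a threshold of failures inside a sliding time window, and exports the resulting decisions as the kind of IP-plus-reason list one could share with a community blocklist. The log lines are constructed, and the threshold, window and scenario name are choices made here, not CrowdSec's defaults.

```python
"""Fail2ban-style detection over auth log lines, plus the decision list a CrowdSec-like
community feed would share. Added example; the log lines are constructed."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List

# OpenSSH "Failed password" line as rsyslog writes it to /var/log/auth.log.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
LOG_YEAR = 2025  # syslog timestamps carry no year; assume a single one (constructed data)


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%b %d %H:%M:%S").replace(year=LOG_YEAR)


def detect_bruteforce(lines: Iterable[str], threshold: int = 5, window_minutes: int = 10) -> List[Dict]:
    """Ban an IP once it has `threshold` failed logins inside a sliding window of
    `window_minutes`. Returns the ban decisions in the order they were taken."""
    window = timedelta(minutes=window_minutes)
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    decisions: List[Dict] = []
    banned = set()
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m or m["ip"] in banned:
            continue
        ts, ip = parse_ts(m["ts"]), m["ip"]
        events = recent[ip]
        events.append(ts)
        while events and ts - events[0] > window:  # drop failures that fell out of the window
            events.popleft()
        if len(events) >= threshold:
            banned.add(ip)
            decisions.append({"ip": ip, "scenario": "ssh-bruteforce", "since": ts, "hits": len(events)})
    return decisions


def export_decisions(decisions: List[Dict]) -> str:
    """What you would push to a shared blocklist: the IP and the reason, never your raw logs."""
    return json.dumps([{"ip": d["ip"], "scenario": d["scenario"], "since": d["since"].isoformat()}
                       for d in decisions])


# Constructed sample: one host hammering the server, one legitimate user with two
# isolated typos an hour apart, and one successful key login that must be ignored.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 web sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 web sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:04 web sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:05 web sshd[1205]: Accepted publickey for deploy from 198.51.100.9 port 40022 ssh2
Mar  3 10:00:09 web sshd[1207]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:00:10 web sshd[1207]: Failed password for root from 203.0.113.7 port 51251 ssh2
Mar  3 10:30:00 web sshd[1300]: Failed password for deploy from 198.51.100.9 port 40100 ssh2
Mar  3 11:30:00 web sshd[1400]: Failed password for deploy from 198.51.100.9 port 40200 ssh2
"""

if __name__ == "__main__":
    decisions = detect_bruteforce(SAMPLE_AUTH_LOG.splitlines())
    for d in decisions:
        print(f"ban {d['ip']} ({d['hits']} failures, {d['scenario']}) at {d['since']:%H:%M:%S}")
    print(export_decisions(decisions))
```

With the defaults, 203.0.113.7 is banned on its fifth failure at 10:00:10 while 198.51.100.9, whose two failures are an hour apart, is left alone; the sliding window is what keeps an occasional typo from looking like an attack. Feeding the same lines a lower threshold and a wider window shows how quickly a tuning choice turns a legitimate user into a false positive.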