Setup HTTPS on your website

HTTPS is a must have on the web. It secures data communications between the browser and the server. Not only will you need it if you accept payments on your site, but also as soon as there is private data into play (such as passwords). More and more APIs will reject your queries if you don’t use HTTPS (like a couple of Google APIs).

To get HTTPS on your website you only need to install a valid SSL certificate on your server, which will share data with your users browsers.

Most of the time this is perceived as complex and sometimes expensive. Let’s get you HTTPS simply, quickly and for free. 💪

Static providers

Static providers such as Netlify, Now and Github Pages provide SSL automatically and for free. You don’t have anything to do about it 🤩 Most of the time SSL is set only when you set a custom domain name, default domains generated on the fly by those providers may not have HTTPS.

providers

You are covered with those.

Heroku

Heroku provides an Automated Certificate Management system that will install and automatically renew a SSL certificate, but only on their paying offers. You only need to follow the instructions on their documentation. You can also upload your own certificates but here again, only on their paying offers.

They have a documentation page dedicated to SSL on their platform to make it clearer and better suit your needs.

Custom server

If you have your own server you have to set up HTTPS by yourself. I used to think this was a big boring and complicated thing, actually it’s super easy. It takes a couple of minutes only ⌛️

Here I will take DigitalOcean as an example since this is what I use for my own projects, but this would work with any other cloud platform. The only thing you need is to have an access to the server via SSH.

First of all, a couple of answers:

Can I have a free SSL certificate?

Yes.

Do I have to deal with complex manipulations to install a SSL certificate on my server?

No. Really.

We are going to use Let’s Encrypt. Let’s Encrypt is a free, automated, and open Certificate Authority. This is what you will get at the end:

https

From their landing page you only have to click the “Get started” button, follow instructions and you are good!

As an illustration I will show you how it looks like when you select the “With Shell Access” situation, meaning you can connect to your server with SSH and run commands on it.

Install Certbot

Go on Certbot website and select your web server software:

certbot

Then select your server OS version:

certbot os

If you are not sure about your server OS version, just SSH access it and check it out. In my case on Ubuntu:

> lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.5 LTS # this is the version
Release:	16.04
Codename:	xenial

Once you entered those info there should be a guide to help you.

certbot guide
As an example here is a part of the Ubuntu 16.04 guide

Follow “Install” instructions to install Certbot on your server. You only need to do that once, it will be installed once and for all.

Run Certbot

Follow “Get started” instructions to generate a SSL certificate to a domain of your choice. It consists of a couple of commands to copy/paste. This will automatically update the nginx config of the domain you chose so it accepts requests via HTTPS.

And voila! A couple of handy things Let’s Encrypt also does for you:

  • Automatically redirects requests from HTTP to HTTPS
  • Automatically renew certificates indefinitely, you don’t have to manually update them every 90 days
  • Can issue wildcard certificates if you need to cover wildcard domains (like a.domain.com and b.domain.com at the same time)

Remember that Let’s Encrypt is free and open, it lives thanks to sponsors so if you want to donate that would be awesome!


Share this post