To secure our website, we need to use HTTPS. HTTPS uses SSL/TLS to encrypt the traffic between the web server and clients, making it much more secure. However, manually provisioning and renewing SSL/TLS certificates can be a time-consuming and error-prone process.
We can enable HTTPS for our website/domain by installing a free TLS certificate from Let’s Encrypt. To do that, run the following command to install the Let’s Encrypt client (certbot) on an Ubuntu server.
sudo apt install certbot
Apache Web Server
sudo apt install python3-certbot-apache
Run the following command to obtain and install the TLS certificate.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@domain.com -d domain.com,www.domain.com
Nginx Web Server
sudo apt install python3-certbot-nginx
Then run the following command to obtain and install the TLS certificate.
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@domain.com -d domain.com,www.domain.com
Note:
--nginx: Use the nginx plugin.
--apache: Use the Apache plugin.
--agree-tos: Agree to the terms of service.
--redirect: Force HTTPS with a 301 redirect.
--hsts: Add the Strict-Transport-Security header to every HTTP response, forcing the browser to always use TLS for the domain. Defends against SSL/TLS stripping.
--staple-ocsp: Enable OCSP stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
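To confirm that --redirect and --hsts took effect, the response headers can be checked once certbot has finished. The script below is an added example, not part of the original page: the function names and the sample headers are constructed for illustration, and the functions expect header text as printed by curl -sI.

```shell
#!/bin/sh
# Added example: verify the effects of certbot's --redirect and --hsts flags.
# Live use (domain.com is the page's placeholder domain):
#   check_redirect "$(curl -sI http://domain.com)"
#   hsts_max_age   "$(curl -sI https://domain.com)"

# Succeeds only if the plain-HTTP response is a 301 pointing at an https:// URL.
check_redirect() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        NR == 1 && $2 != "301" { bad = 1 }
        tolower($1) == "location:" && $2 ~ /^https:\/\// { ok = 1 }
        END {
            if (ok && !bad) exit 0
            exit 1
        }'
}

# Prints the HSTS max-age; fails if the header is missing or max-age is 0.
hsts_max_age() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        tolower($1) == "strict-transport-security:" {
            if (match($0, /max-age=[0-9]+/))
                age = substr($0, RSTART + 8, RLENGTH - 8)
        }
        END {
            if (age + 0 > 0) {
                print age
                exit 0
            }
            exit 1
        }'
}

# Constructed sample responses (not captured from a real server).
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://domain.com/'

SAMPLE_HTTPS='HTTP/2 200
server: nginx
strict-transport-security: max-age=31536000'

check_redirect "$SAMPLE_HTTP" && echo "redirect: ok"
echo "hsts max-age: $(hsts_max_age "$SAMPLE_HTTPS")"
```

A max-age of 0 is treated as a failure because it tells the browser to drop the HSTS policy for the domain.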