MARIO SANCHEZ CARRION

Junior Web Developer

How To Enable HTTPS For Your Website

April 20, 2019

I recently configured my web server to serve this site over HTTPS. In fact, if you look at the URL in the address bar of your browser, you should see a lock icon to the left of the URL:

Wikipedia explains HTTPS as follows:

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.

HTTP alone is not secure. This means that communication between a client (your browser) and a server (the website you want to visit) is not encrypted, which creates three kinds of problems:

  1. Lack of privacy: anybody can intercept the information you are sending or receiving to or from the server.
  2. Lack of information integrity: a malicious third party can inject code into the HTML of the pages you are receiving (for example unwanted ads or harmful code snippets).
  3. Lack of authentication: you have no way of being 100% sure that the website you're receiving in fact comes from who you think it comes.

HTTPS solves all three of those problems.

To understand how HTTPS works in detail, this is an excellent article that explains it much better than I can:

How HTTPS Works

Since HTTPS relies heavily on the concept of Public-Private Key Cryptography, you may want to start by reading this post:

Public Key Cryptography for Non-Geeks

To implement HTTPS for your site, most web hosts nowadays offer the option to set it up with a simple click of a button. Others, like Digital Ocean, a popular cloud infrastructure provider for developers, require slightly more work.

To enable HTTPS on Digital Ocean you need to install Certbot, an automatic tool that fetches and deploys a SSL/TLS certificate on your webserver. Running Certbot will automatically configure your web server to start serving over HTTPS immediately.

Certbot uses a certificate issued by Let's Encrypt, a free, automated, and open certificate authority (CA), run for the public’s benefit.

For a step by step implementation of HTTPS in Digital Ocean you can follow this tutorial:

How to Set Up Let's Encrypt With Nginx Server Blocks on Ubuntu 16-04.

It will work for a Nginx server on an Ubuntu VPS, but you can search D.O. for instructions in different configurations.

Why you should use HTTPS instead of plain HTTP

tech advanced


About | Contact | Now

Crafted with Metalsmith and deployed to a DigitalOcean VPS.USA 2019