Set it up
Let's Encrypt is a new Certificate Authority that it's not only free, but also aims to make secure sites easy to implement with an automated process to generate, install and renew SSL certificates.
This process uses a script that runs on your server, and makes a few assumptions about your settings to be able to finish. I started the process following this tutorial from Digital Ocean Community area.
I followed the instructions, I got the dialog to configure the certificate details and added all the information it was asking for, the certificate files were generated and saved where they were supposed to, and then I got a notification saying everything worked out.
# Bash output
IMPORTANT NOTES:
$ Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/domain.com/fullchain.pem.
At this point, the tutorial says
You should now be able to access your website using a https prefix.
I'm sure for many websites this is enough, except my site wouldn't work using the HTTPS prefix.
There's more to it
There are a few things this tutorial doesn't tell you. For example it doesn't say that the script will try to modify the vhost file for the domain you're creating the certificate for. And I say try because if there is more than one vhost file the script fails to pick the correct one. At least that's what happened to me, as I have this file for the main site and a couple of other files for subdomains I use for testing.
After Googling for a while, I found a post explaining how to make the changes manually to the vhost file to atcually put the site under HTTPS once the certificate has been generated.
This is achieved by copying your domain's vhost file to a new domain.com-ssl.conf
file and making the following:
# Use server IP address
<VirtualHost 0.0.0.0:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/user/domain.com/www
<Directory /home/user/domain.com/www>
Require all granted
AllowOverride All
</Directory>
CustomLog /var/log/apache2/domain.com.log combined
</VirtualHost>
Look like this:
# Use server IP address
<VirtualHost 0.0.0.0:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/user/domain.com/www
<Directory /home/user/domain.com/www>
Require all granted
AllowOverride All
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/fullchain.pem
CustomLog /var/log/apache2/domain.com.log combined
</VirtualHost>
And then activating the new configuration in Apache:
# Bash commands
$ sudo a2ensite domain.com-ssl.conf
$ sudo service apache2 restart
Also…
The post doesn't say anything about making changes in your application or website. I understand it can't cover all systems and possibilities, but not mentioning anything at all can confusing for some users. In my case, I knew beforehand I had to change some settings on Statamic config files to generate links pointing to https, and I also had to add the following lines to my .htaccess
file:
# Your .htaccess file
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NC,R=301]
Which redirects all requests made to the non secure site to its equivalent in the HTTPS version.
So, make sure you take into account that you may have to make similar changes in your site in order to get it to work properly under HTTPS.
Finally
It's a good idea to read the whole post, comments and relevant information before attempting to make the changes, so you have a better view of what's going to happen and ensure you can complete all the steps.
Now go secure your site.