HyperText Transfer Protocol Secure (HTTPS), the extension of HyperText Transfer Protocol (HTTP), is used for secure network communication. It encrypts web communication using Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). The protocol is often referred to as HTTP over TLS or HTTP over SSL.
The protocol protects the authenticity of web pages, and with it secure accounts, user communication, identity, and private web browsing.
Authentication in the protocol requires a trusted certificate authority (CA) to sign a server-side digital certificate. Web browsers play a critical role by checking a website's certificate to make sure it belongs to the domain it says it was issued to, and by verifying that the certificate was signed by a trusted CA. If these conditions hold, the client and server complete a TLS handshake and the web traffic between them is encrypted. TLS uses symmetric encryption to encrypt that traffic, with the keys agreed during the handshake.
Implementing HTTPS is offered as a service by many certificate authorities and web hosting services for a price. As developers, we have the skills to implement HTTPS manually at no cost and should take advantage of the openly available information on how to do so. The steps required to implement HTTPS will vary depending on what your website is running and what type of server it is running on.
Let’s Encrypt is a reasonable way to obtain, activate, install, and deploy a certificate. Let’s Encrypt is a free, automated certificate authority (CA) for the public. It is run by the Internet Security Research Group (ISRG) and aims to provide a free, automatic, secure, and transparent CA to the public, with the goal of creating a more secure and privacy-respecting web.
Let’s Encrypt issues its certificates via Certbot, a free and open-source software tool for automatically using Let’s Encrypt certificates on manually administered websites to enable HTTPS. Use of Certbot requires:
- some familiarity with the command line
- HTTP website already online with port 80 open
- deployment to a dedicated server, virtual private server, or a cloud-hosted server accessible by SSH and navigable with root privileges.
I am hosting my web application on an Ubuntu 18.04 LTS (Bionic) headless server. The steps to implement HTTPS using Certbot are as follows.
- SSH into the server running your HTTP website (make sure to have root privileges)
- Run the following commands to add the Personal Package Archives (PPA) for Certbot to your repositories.
- Install your certificate in the configuration file for your web server