SSL Certificate Setup - Anwer Sadath

Project Overview

This project demonstrates how to secure a website with an SSL certificate using Let's Encrypt and configure Apache to handle HTTPS traffic. SSL ensures encrypted communication, authentication, and data integrity between the server and clients.

What is an SSL Certificate?

SSL (Secure Sockets Layer) is a protocol for establishing authenticated and encrypted links between networked computers. SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, they activate the padlock and HTTPS protocol, enabling secure connections.

Key Benefits of SSL

Encryption: Protects sensitive data by encrypting communication between the client (browser) and the server.
Authentication: Verifies the identity of the website, ensuring users connect to the legitimate site.
Data Integrity: Ensures that data transferred between the client and server is not tampered with.

Steps to Secure a Website with SSL

Step 1: Obtain a Domain Name

Purchase a domain name (e.g., buildwithanwer.com) from a domain registrar like Names.co.uk.

Step 2: Configure DNS Settings

Update DNS records to point your domain (e.g., buildwithanwer.com and www.buildwithanwer.com) to the public IP address of your server (e.g., 18.132.180.215).

Step 3: Install Certbot

Certbot is a tool provided by Let's Encrypt to automate the process of obtaining and renewing SSL certificates. Install it using the following command:

sudo yum install -y certbot

Step 4: Obtain an SSL Certificate

Run Certbot in standalone mode to request an SSL certificate for your domain:

sudo certbot certonly --standalone -d buildwithanwer.com -d www.buildwithanwer.com

Step 5: Configure Apache

Edit the Apache configuration files (httpd.conf and ssl.conf) to enable HTTPS and redirect HTTP traffic to HTTPS.

HTTP to HTTPS Redirection (`httpd.conf`)

<VirtualHost *:80>
    ServerName buildwithanwer.com
    ServerAlias www.buildwithanwer.com
    Redirect permanent / https://buildwithanwer.com/
</VirtualHost>

SSL Configuration (`ssl.conf`)

Listen 443 https

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/buildwithanwer.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/buildwithanwer.com/privkey.pem
    SSLHonorCipherOrder on
    SSLCipherSuite PROFILE=SYSTEM
    SSLProxyCipherSuite PROFILE=SYSTEM
</VirtualHost>

Step 6: Update Security Groups

Ensure your server's security group allows inbound traffic on ports 80 (HTTP) and 443 (HTTPS).

Step 7: Set Up Auto-Renewal

Add a cron job to automatically renew the SSL certificate before it expires:

sudo crontab -e

Add the following line to renew the certificate daily at midnight:

0 0 * * * /usr/bin/certbot renew --quiet && /bin/systemctl reload httpd

Conclusion

By following these steps, we successfully secured the website with SSL using Let's Encrypt and configured Apache to handle HTTPS traffic. This setup ensures that the website is secure, builds trust with visitors, and meets modern security standards.