How to Secure your website Using SSL
Add SSL to a website.
Securing one’s website is a MUST technique and attribute to prevent you from getting hacked.
First, let us start by defining what SSL is. SSL is a protocol that secures messages that are transmitted on the internet.{Secure Socket Layer}.
SSL is simply using a digital certificate to authenticate your website and protect you from hackers. Also, provides encryption for LDAP and FTP.
A hint on how to prevent SSL stripping.:
- Encrypt all elements of your site with an SSL certificate.
- Add your domain to the HSTS preload list, which lets browsers know that your site is secure.
STEPS on how to add SSL to your website.
Step 1:
Install certbot
- First, create a repo using this cli
“sudo add-apt-repository ppa:certbot/certbot”
- sudo apt install python-certbot-apache
Step 2
Setup SSL CERTIFICATE
Certbot needs to be able to find the correct virtual host in apache configuration for SSL to be configured.
sample “.. etc/apache2/sites-available/tokslaw.com.conf”
Step 3
Allowing HTTPS Through the Firewall
If the firewall is enabled, edit the firewall to allow HTTPS traffic
- sudo ufw allow “Apache Full”
- sudo ufw delete allow “Apache”
Step 4
Obtaining an SSL Certificate
Enter the following syntax:
- sudo certbot -apache -d your_domain -d www.your_domain
sample: sudo certbot -apache -d tokslaw.com -d www.tokslaw.com
Then, enter your email address, this helps to send an update when your certificate is about to expire.
Step 5
Verifying Certbot Auto-Renewal.
Keep in mind, Let’s Encrypt is valid for 90 days.
Enter this command cli to assist with verification
- “sudo certbot renew–dry-run”
Voila! You have a secured Website!