
Moving to HTTPS

October 5th, 2017
https, tech

About a year and a half ago I added HTTPS support to my sites but kept them running on HTTP for the time being. Chrome plans to eventually mark all HTTP pages as "Not secure", however, and HTTP is in fact not secure, so today I decided to switch over to HTTPS as the default.

Since Ubuntu 16 LTS ships with a very old version of the Let's Encrypt client, I followed their instructions to move to a recent version. Then I put the following in my root crontab:

28 11 * * * certbot renew --quiet --post-hook "service nginx restart"

This runs the command daily at 11:28, which is a time I chose randomly. Random is good here: it keeps the load on the Let's Encrypt servers more consistent.

This tells the client to renew whatever cert I currently have, which I had originally generated with:

sudo letsencrypt certonly \
   --webroot \
   -w /var/www/    -d www.jefftk.com \
                   -d     jefftk.com \
   -w /var/www-fr/ -d www.freeraisins.com \
                   -d     freeraisins.com \
   -w /var/www-lw/ -d www.lilywise.com \
                   -d     lilywise.com \
   -w /var/www-tc/ -d www.trycontra.com \
                   -d     trycontra.com \
   -w /var/www-aw/ -d www.annakaufmanwise.com \
                   -d     annakaufmanwise.com \
   -w /var/www-oc/ -d www.olivercumming.com \
                   -d     olivercumming.com \
   -w /var/www-bd/ -d www.bidadance.org \
                   -d     bidadance.org \
   -w /var/www-rs/ -d www.regularlyscheduled.com \
                   -d     regularlyscheduled.com \
   --email jeff.t.kaufman@gmail.com \
   --agree-tos

To switch over to HTTPS I've put:

server {
  listen 80 default_server;
  server_name redirect_to_https;
  return 301 https://$host$request_uri;
}

in my nginx config and removed all my listen 80 directives.

Since I'm still not 100% confident in my HTTPS setup, I've put listen 8080 directives for each of my sites, so that it's possible to visit www.jefftk.com:8080 etc. over HTTP.
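
How the redirect block, the certificate and the 8080 fallback fit together for one site, as an added example that is not my actual config. It assumes the certificate files sit in certbot's default live directory, named after the first -d value in the command above, and it reuses that command's /var/www/ webroot.

```nginx
# Added example, not the author's real config.
# Assumption: certificate files live in certbot's default "live" directory,
# named after the first -d value passed to certonly (www.jefftk.com).

# Port 80: catch-all that redirects everything to HTTPS (from the post).
server {
  listen 80 default_server;
  server_name redirect_to_https;
  return 301 https://$host$request_uri;
}

# One site: HTTPS on 443, plus the temporary plaintext fallback on 8080.
server {
  listen 443 ssl;
  listen 8080;   # plain HTTP; remove once the HTTPS setup is trusted
  server_name www.jefftk.com jefftk.com;

  ssl_certificate     /etc/letsencrypt/live/www.jefftk.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.jefftk.com/privkey.pem;

  # Must stay the same directory given to certbot with -w: renewal writes
  # its challenge file under /.well-known/acme-challenge/ here. The
  # validation request arrives on port 80, gets the 301 above, follows it,
  # and is then served by this block over HTTPS.
  root /var/www/;

  # Do not add a Strict-Transport-Security header while the 8080 fallback
  # is in use: browsers that have seen it rewrite http://host:8080 to
  # https://host:8080, which this plaintext listener cannot answer.
}
```

Running nginx -t before restarting catches syntax errors in a change like this.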
