::  Posts  ::  RSS  ::  ◂◂RSS  ::  Contact

Moving to HTTPS

October 5th, 2017
https, tech  [html]

About a year and a half ago I added HTTPS support to my sites but kept them running on HTTP for the time being. Chrome plans to eventually mark all HTTP pages as "Not secure", however, and HTTP is in fact not secure, so today I decided to switch over to HTTPS as the default.

Since Ubuntu 16 LTS ships with a very old version of the Let's Encrypt client I followed their instructions to move to a recent version. Then I put the following in my root crontab:

28 11 * * * certbot renew --quiet --post-hook "service nginx restart"

This runs the command daily at 11:28, which is a time I chose randomly. Random is good here: it keeps the load on the Let's Encrypt servers more consistent.

This tells the client to renew whatever cert I currently have, which I had originally generated with:

sudo letsencrypt certonly
   --webroot
   -w /var/www/    -d www.jefftk.com
                   -d     jefftk.com
   -w /var/www-fr/ -d www.freeraisins.com
                   -d     freeraisins.com
   -w /var/www-lw/ -d www.lilywise.com
                   -d     lilywise.com
   -w /var/www-tc/ -d www.trycontra.com
                   -d     trycontra.com
   -w /var/www-aw/ -d www.annakaufmanwise.com
                   -d     annakaufmanwise.com
   -w /var/www-oc/ -d www.olivercumming.com
                   -d     olivercumming.com
   -w /var/www-bd/ -d www.bidadance.org
                   -d     bidadance.org
   -w /var/www-rs/ -d www.regularlyscheduled.com
                   -d     regularlyscheduled.com
   --email jeff.t.kaufman@gmail.com
   --agree-tos

To switch over to HTTPS I've put:

server {
  listen 80 default_server;
  server_name redirect_to_https;
  return 301 https://$host$request_uri;
}

in my nginx config and removed all my listen 80 directives.

Since I'm still not 100% confident in my HTTPS setup I've put listen 8080 directives for each of my sites, so that it's possible to visit www.jefftk.com:8080 etc over HTTP.

Comment via: google plus, facebook

Recent posts on blogs I like:

High-Speed Rail in Small, Dense Countries

Four years ago I brought up the concept of the small, dense country to argue in favor of full electrification in Israel, Belgium, and the Netherlands. Right now I am going to dredge up this concept again, in the context of intercity trains. In a geographi…

via Pedestrian Observations October 12, 2019

What do executives do, anyway?

An executive with 8,000 indirect reports and 2000 hours of work in a year can afford to spend, at most, 15 minutes per year per person in their reporting hierarchy... even if they work on nothing else. That job seems impossible. How can anyone make any im…

via apenwarr September 29, 2019

Taxing investment income is complicated

How should a state tax investment income if it wants to maximize its citizens’ welfare? This sounds like a simple question but I find it surprisingly hard to think about. Here are some of the positions I’ve moved through over the last few years: Taxing in…

via The sideways view September 22, 2019

more     (via openring)

More Posts:


  ::  Posts  ::  RSS  ::  ◂◂RSS  ::  Contact