The first thing I did is getting a certificate. Let’s Encrypt provides free certificates and useful tools to issue and install them in the server. I read the Getting Started documentation and followed the appropriate instructions for my server system.
In my case, I have shell access to my server. So I visited the Certbot site and selected my web server and my operating system. The automated method is very interesting, as it installs the certificate and keeps it updated automatically. There are 2 ways to check the ownership of the site: by using your own web server, or the one that comes bundled with the tool. The latter requires to shut down your server temporarily, but it works very well, so if you can afford that downtime I recommend it.
The only missing thing to do after installing the certificate is configuring the web server and point to the certificate.
I use nginx in a Debian Linux server, so I opened
/etc/nginx/sites-enabled/davidmles.com and added
listen 443 ssl;. Then I added these two lines to use the certificate:
The directory already has proper permissions, so it’s something you should not worry about.
As I mentioned before, the Certbot tool will take care of updating the certificates, that’s why (I think) the subdirectory is named
I also added a new
server entry for port 80, so I can redirect to the secure protocol:
return 301 https://davidmles.com$request_uri;
Notice I’m using
https in the redirected URL. That way the HTTPS version is always used and duplicated content is avoided.
That’s it! Don’t forget to restart the webserver.