Websites with valid SSL certificates ensure that your site is better protected against malicious users. It also hinders malicious users from listening into data flowing from your website visitors to your servers.
Installing LetsEncrypt certificates is suitable if you have ssh access to your server and if your fairly technically savvy. To install LetsEncrypt certificates.
You first need to ssh into your server and install CertBot . For an ubuntu server, you can install certbot for apache using the following command
sudo apt-get install python-certbot-apache
If you have a nginx server, you can install it using the following command
sudo apt-get install python-certbot-nginx
Next you have to tell CertBot to generate the SSL certificates for your websites, you can do this for apache using the following command
sudo certbot --apache -d example.com -d www.example.com
The above command command will generate the certificates for the root domain example.com and the subdomain www.example.com. The –apache option tells CertBot that we are using a apache webserver, if you are using nginx webserver, you can specify –nginx instead.
LetsEncrypts SSL certificates are valid for 90 days, but CertBot automatically renew them. You can test if the renewal process works by using the following command
certbot renew --dry-run
Installing SSL certificates through CLoudflare can be achieved through a few clicks. You need to create a free account with cloudflare and then point your domain’s nameserver to cloudflare.
Next in the “crypto” section in the cloudflare dashboard of your website, you need to set “Always use HTTPS” to ON, set “Automatic HTTPS Redirects” to ON and set SSL to “Flexible SSL”. CloudFlare will then provision a SSL certificate within 24 hours and apply it to your site.
Mixed Content Errors
After you have implemented SSL for your websites, you may see some resources such as scripts or images not load and throw mixed content errors, this is due to your website being served with an SSL certificate by the resources being served using HTTP origins. To fix this, you need to update all the resources to be served from HTTPS origins.