Enable HTTPS on your Website for Free

Https, Ssl, Certbot, Letsencrypt / May 31, 2019

It’s true. You do not have to pay 200 bucks just to get HTTPS working on your Website.

Certbot

Certbot issues Let’s Encrypt certificates. These certificates are valid for 90 days, so make sure you renew them before they expire. Certbot can renew them automatically, but I am not going to go into the details of that here. I am only going to explain how to obtain the certificates manually from the command line.

First install Certbot on your machine.

# Using Homebrew for macOS
brew install certbot

Now run the command below to generate the certificates. I will verify ownership of the domain by adding a DNS TXT record, which is why the command asks for the dns challenge.

sudo certbot certonly --manual --preferred-challenges dns --email pubuduwelagedara@gmail.com --domains localhost.kubefire.com

Say Y or N to the following.

[Image: certbot command]

Do not hit Enter here until you add the TXT records.

[Image: certbot command]

Go to GoDaddy and add a TXT record. Note that the host is _acme-challenge.localhost as GoDaddy appends .kubefire.com to that automatically.

[Image: certbot command]

It may take a minute or two for the change to propagate. Use the dig command below to check whether the TXT record has been added.

dig -t txt _acme-challenge.localhost.kubefire.com +short

dig will not print anything if the record is not there.

[Image: certbot command]

Hit Enter once the TXT lookup returns a value. If you have done everything right, you will see the message below.

[Image: certbot command]
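The propagation check above can be scripted instead of re-running dig by hand. The following is an added example, not part of the original post: it polls every authoritative nameserver for the zone until the TXT value printed by certbot is present. The script name wait-txt.sh, the function names and the retry defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the dns-01 TXT value is
# live on every authoritative nameserver before pressing Enter in certbot.
# Usage (assumed script name): sh wait-txt.sh RECORD ZONE VALUE

# txt_has_value VALUE: read `dig +short` TXT output on stdin; succeed only if
# one record equals VALUE exactly. dig prints one quoted record per line, so a
# stale value from an earlier attempt can sit next to the new one.
txt_has_value() {
    [ -n "$1" ] || return 2
    # -F fixed string, -x whole line; `--` because base64url may start with '-'
    tr -d '"' | grep -Fxq -- "$1"
}

# all_ns_have_txt RECORD ZONE VALUE: query each authoritative server directly,
# bypassing any cached answer in the local resolver.
all_ns_have_txt() {
    servers=$(dig +short NS "$2")
    [ -n "$servers" ] || { echo "no NS records for $2" >&2; return 2; }
    for ns in $servers; do
        dig "@$ns" +short -t txt "$1" | txt_has_value "$3" || return 1
    done
}

# wait_for_txt RECORD ZONE VALUE [TRIES] [DELAY_SECONDS]
wait_for_txt() {
    tries=${4:-30} delay=${5:-10} n=1
    while :; do
        if all_ns_have_txt "$1" "$2" "$3"; then
            echo "TXT record is live; continue in certbot"
            return 0
        fi
        [ "$n" -lt "$tries" ] || break
        n=$((n + 1))
        sleep "$delay"
    done
    echo "TXT record not visible after $tries checks" >&2
    return 1
}

# Run only when called with arguments, e.g.
#   sh wait-txt.sh _acme-challenge.localhost.kubefire.com kubefire.com VALUE
if [ "$#" -ge 3 ]; then
    wait_for_txt "$@"
fi
```

Run it in a second terminal while certbot is waiting at the prompt, passing the value certbot displayed as VALUE.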

Testing

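To test, I will write a simple Node.js HTTPS server.

const https = require('https');
const fs = require('fs');

// privkey.pem is the private key; fullchain.pem is the certificate plus its
// intermediates. Reading them may require root, since certbot was run with sudo.
const httpsOptions = {
    key: fs.readFileSync('/etc/letsencrypt/live/localhost.kubefire.com/privkey.pem'),
    cert: fs.readFileSync('/etc/letsencrypt/live/localhost.kubefire.com/fullchain.pem')
};

// Answer every request with a plain-text greeting.
const app = function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
};

// Serve HTTPS on port 8443.
https.createServer(httpsOptions, app).listen(8443);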

Save it as index.js and run it with the command below.

node index.js

Before hitting the server, I will add an A record called localhost pointing to 127.0.0.1 for my kubefire.com domain (weirdly, this works :blush:). When you open https://localhost.kubefire.com:8443/ in the browser, you should see the green lock icon, which indicates that the certificate is valid.

[Image: certbot command]

In my next post I will look at ways to automate this process with GoDaddy.

Photo Credits

Dominik Scythe (Unsplash)