Why do I need SSL\/TLS?<\/p>\n
Maybe your website does not require any sensitive personal information such as a credit card or SIN, but if you simply log in to your block to make a post you are typing your password, and this password is traveling on the internet as a plain text, unencrypted.<\/p>\n
Easily (and more often than you think) someone connected to your network or if you are in public wifi (this is the worse scenario) can read and get your credentials. Often we share passwords to make it easier to remember, and then someone can possibly still your blog, your social network account, or your email. So, you need SSL\/TLS!<\/p>\n
sudo apt update\r\nsudo apt upgrade\r\nsudo apt install libapache2-mod-md\r\nsudo a2enmod md\r\nsudo systemctl restart apache2\r\nsudo a2enmod ssl\r\nsudo systemctl reload apache2<\/pre>\nEdit the configuration file of the site you want to protect:<\/p>\n
sudo nano \/etc\/apache2\/sites-available\/example.com.conf<\/pre>\nAdd at the top of the file:<\/p>\n
ServerAdmin webmaster@example.com\r\nMDCertificateAgreement accepted\r\nMDomain example.com\r\nMDPrivateKeys RSA 4096<\/pre>\nDuplicate the configuration block below with all the content in it:<\/p>\n
<VirtualHost *:80>\r\n...\r\n<\/VirtualHost><\/pre>\nAt the end of the first block you can add the following lines if you want the webserver to always change from plain text to encrypted:<\/p>\n
<VirtualHost *:80>\r\n...\r\nRewriteEngine On\r\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}$1 [R=301,L]\r\n<\/VirtualHost><\/pre>\nThe second block will look like this:<\/p>\n
<VirtualHost *:443>\r\nSSLEngine on\r\nSSLProtocol all -SSLv2 -SSLv3\r\nSSLHonorCipherOrder on\r\nSSLCipherSuite<\/strong> \"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4\"\r\n...\r\nProtocols h2 http\/1.1\r\nHeader always set Strict-Transport-Security \"max-age=63072000\"\r\n<\/VirtualHost><\/pre>\n