This is the Tatsuno Information Systems Tokyo Team💻! This time, I would like to write an article about SSL.
- 1. What is SSL?
- 2. What is Let's Encrypt?
- 3. Summary
What is SSL?
SSL (Secure Sockets Layer) is a mechanism that encrypts the data sent and received between a web browser and a web server over the Internet. Encrypting the communication prevents third parties from eavesdropping, which makes it essential for improving the safety of communication.
▼The role of SSL
Using SSL encrypts the information being transmitted. Even if the information is seen in transit, the encryption protects the important information.
SSL certificates are issued only to servers that have been authenticated in a variety of ways, so having one is proof of authenticity. An SSL certificate is a sign of reliability and gives users a sense of security.
Proof of encryption: "https"
When a page has SSL installed, the URL will start with "https:" and a key mark will appear.
The location of the key mark will vary depending on the browser you are using.
What is Let's Encrypt?
Let's Encrypt is a free SSL certificate authority that anyone can use. The service has been provided since 2016 by ISRG (Internet Security Research Group), an American non-profit organization.
The most significant difference from other certificates is the cost.
Many SSL certificates need to be purchased, but Let's Encrypt certificates do not.
Difference in cryptographic strength
You may think that paid certificates use stronger encryption, but their cryptographic strength is the same as that of free certificates.
Being free does not mean that the certificate uses cryptography that is easy to crack.
Differences in support response
If you need extensive support, you may want to purchase a paid certificate.
In addition, there may be additional services in the case of paid certificates, so please take that into account as well.
Let's try installing Let's Encrypt.
Here we are using Amazon Linux.
Also, because the file is saved in the /usr/bin/ directory, the work is performed with root privileges.
Download the file with curl
curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
Set the permissions to 700
chmod 700 /usr/bin/certbot-auto
Obtain a certificate
/usr/bin/certbot-auto certonly --webroot -w /var/www/html -d [domain/URL to apply SSL] --email [email address] -n --agree-tos --debug
If there are no particular problems, the above command will complete the process of issuing the certificate.
The issued certificate is stored in the following location:
/etc/letsencrypt/live/[specified domain/URL name]/ directory
If you are using Apache, the following configuration will work.
After completing the above settings, restart Apache and try to access the site using https.
Now that the site can be accessed securely, the next step is to automate the renewal process.
A Let's Encrypt certificate is valid for 90 days, so automating renewal is worth doing.
This time we use the easiest way, which is to register the command in cron. Just put the following line in the crontab, and the certificate will be updated automatically.
00 04 * * 0 /usr/bin/certbot-auto renew 2>&1 | mail -s "Let's Encrypt update information" [email address you usually use] && /etc/init.d/httpd restart
You will now receive an email with the results of the automatic process, whether or not you need to update, and if so.
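In the cron line above, the Apache restart depends on the exit status of mail, not on whether the renewal succeeded. The following wrapper is an added example, not part of the original article: it keeps the exit status of the renew command, restarts Apache only when the certificate file actually changed, and puts the outcome in the mail subject. The script name, its install path, the variable names and the example.com values are assumptions.

```shell
#!/bin/sh
# Added example: renewal wrapper for cron (hypothetical name: le-renew.sh).
# Cron entry (assumed install path): 00 04 * * 0 /usr/local/sbin/le-renew.sh --run
# Every setting is overridable so the logic can be tried without certbot or Apache.
: "${RENEW_CMD:=/usr/bin/certbot-auto renew}"
: "${RELOAD_CMD:=/etc/init.d/httpd restart}"
: "${MAIL_CMD:=mail}"
: "${MAIL_TO:=admin@example.com}"                              # placeholder address
: "${CERT_FILE:=/etc/letsencrypt/live/example.com/cert.pem}"   # placeholder domain

# Checksum of the live certificate; "missing" if it cannot be read.
cert_sum() { cksum "$CERT_FILE" 2>/dev/null || echo missing; }

renew_and_report() {
    before=$(cert_sum)
    # Keep the renew command's own exit status; "renew | mail && restart" loses it.
    output=$($RENEW_CMD 2>&1) && status=0 || status=$?
    after=$(cert_sum)

    if [ "$status" -ne 0 ]; then
        LAST_RESULT="FAILED"
    elif [ "$before" = "$after" ]; then
        LAST_RESULT="NOT DUE"            # nothing changed: leave Apache alone
    elif $RELOAD_CMD >/dev/null 2>&1; then
        LAST_RESULT="RENEWED"
    else
        LAST_RESULT="RENEWED, RESTART FAILED"
        status=1
    fi

    # The outcome goes in the subject so a failure stands out in the inbox.
    printf '%s\n' "$output" |
        $MAIL_CMD -s "Let's Encrypt update information: $LAST_RESULT" "$MAIL_TO" ||
        status=1
    return "$status"
}

if [ "${1:-}" = "--run" ]; then
    renew_and_report
fi
```

A non-zero exit status from the wrapper means the renewal, the restart or the mail delivery failed.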
In this article, we have introduced the functions and roles related to SSL and how to set up SSL using Let's Encrypt, albeit briefly. By all means, refer to this article and get familiar with the SSL settings!