Enable HTTPS with Let’s Encrypt CA

:warning: A reminder that the SSL standard has not been updated since 1996. Stop using SSL! :heart: The current standard is TLS. This is the term to use.

dev domains

get.dev explains Google’s new gTLD: the .dev top-level domain is included on the HSTS preload list, making HTTPS required on all connections to .dev websites and pages without needing individual HSTS registration or configuration. Security is built in.

Certificate Authorities (CA)

Let’s Encrypt is a modern Certificate Authority using the ACME protocol.

Web server configuration

Use Mozilla SSL Configuration Generator to generate the web server application configuration.

Options (set both):

More guidance:

The article Let’s Encrypt my servers with acme tiny explains the use of acme-tiny and Ansible.

Testing web server configuration

Use SSL Labs.

Renewal of certificates

:warning: Certbot must be installed on the server, but it needs a whole lot of Python libraries. What’s the best practice?