ada recommended color contrast radios be damned

Install SSL Certificates With CertBot

SSL certificates protect your visitors’ data, increase your search engine ranking and help establish trust with your audience.

You can install SSL certificates on your websites for free with Let’s Encrypt and Certbot from the Electronic Frontier Foundation.

Before you can install SSL certificates for your domains on your server, you need to create a DNS ‘A’ or ‘Address’ record for each of your domains at your domain registrar (eg: GoDaddy, Amazon Route 53, etc) that points at the IP address of your server. Certbot will check each domain to confirm that the ‘A’ or ‘Address’ record exists and that it points at your server before it will issue the SSL certificate.

Install SSL Certificates with Certbot

SSH into your web server:

ssh -i ~/.ssh/supernifty supernifty@ RETURN

Install the Certbot software on the Apache web server:

sudo apt install certbot python3-certbot-apache RETURN

Install SSL certificates for each of your domains:

sudo certbot –apache RETURN

You’ll be asked for an email address for renewal and security notices, you’ll need to accept the terms and conditions, etc.

If you have multiple domains configured on the server, it will display them as an ordered list and ask you which specific domain you’d like to work with. Either pick the domain you want to work with or leave the answer blank and it will attempt to install SSL certificates for all of them.

You’ll be asked if you’d like to redirect all traffic to your website(s) to https.

SSL certificates are designed to auto-expire in order to keep the encryption for your website up to date. When you first create an SSL certificate, Certbot sets a timer that auto-renews your SSL certificate every 3 months.

To confirm that the timer is working properly:

sudo systemctl status certbot.timer RETURN

to get a timer status report. When you’re finished, hit CONTROL-C to return to the command prompt.

To do a dry run of the SSL certificate renewal process:

sudo certbot renew –dry-run RETURN

and it will run through the paces of the renewal process without affecting the current SSL certificate you just installed.

After you’ve gone through the process above, you should be able to securely visit your websites via https.

Now you’re ready to install Fail2Ban which helps protect your server by automatically blocking any IP address that it sees malicious activity coming from.