New Course out now!
No Images? Click here
Hey there!
You know that little lock you see in front of URLs like this?
Well we've just added a NEW course, which shows you how to get a Free SSL certificate and setup a secure site yourself! 🔒 🎉
Check it out:
HTTPS With Let's Encrypt
Learn How to Get a Secure Lock Icon for Your Site
My favorite thing about this course was the all-in-one script that Nick put together for managing my SSL certificates. All I had to do was edit and run it. Also, I'm just starting out as a freelancer and being able to offer HTTPS as a feature is going to let me charge more for my services. Thanks Nick!
– Sébastien A., Web Developer
Free Automated A+ Plus Graded SSL Certificates With Let's Encrypt
Search engines (especially Google) and major browser vendors are really cracking down on insecure sites.
For example...
Google ranks insecure pages (HTTP) worse than secure pages (HTTPS).
As of mid-2014 Google has openly stated that HTTPS is now part of their page rank algorithm. Simply put, insecure sites being served over HTTP will rank worse than secure sites being served over HTTPS.
If that's not bad enough...
Chrome, FireFox and other browser vendors are adding more and more visual cues that make even non-technical folks aware that your site is dangerous to view.
It won't take long until all insecure sites are seen as being malicious and untrustworthy, even if you're technically not doing anything wrong. Although honestly, I would classify not securing your site as doing your visitors a disservice.
But it gets worse...
Insecure sites allow anyone to intercept and read the traffic between your visitors and your site.
That's because insecure sites transmit all data over plain text. This makes your visitor's data sensitive to man in the middle attacks, which in turn could be a disaster for both your audience and yourself.
Remember, most people using your site aren't tech savvy, and don't understand that by logging into an insecure site they are leaking sensitive data. If their account gets compromised, guess who they're gong to blame? Yep, your site.
It's your responsibility as a site owner to protect your visitors from such attacks...
The good news is, securing your site over HTTPS (with SSL certificates) fixes all of the above problems.
- Search engines will recognize that you care about security and they will rank you higher in organic search results.
- Browser vendors will give you a secure lock icon next to your domain name in the URL bar (just like this site). That's way better than a scary not secure label!
- Your visitor's browsing activity and data will be encrypted. That means anything your visitors send or receive through your site will be protected from anyone trying to read it. In other words, it's secure.
Why Setup Your Own Encryption with Let's Encrypt?
Most Other SSL Certificate Vendors Will Try to Rob You Blind
👍 Let's Encrypt
Free, automated and open certificate authority
- SSL certificates can be issued for free
- Open source tools and very transparent
- 100% hands free SSL certificate automation once you set it up
- Over 40 million+ certs issued and growing at remarkable speeds
- Well funded with a plan for the future
👎 Most Other SSL Certificate Vendors
Expensive, stuck in the past and piggy backs off others
About $10 / year for each individual SSL certificate
Closed source and cryptic (in hopes to trick you into spending $)
Need to manually renew certs every year, or your site stops working
Growth is coming to a grinding halt (people are getting smarter)
Unknown funding with a questionable future
Let's Encrypt Is the Best Thing Ever for HTTPS
1. Let's Encrypt is its own certificate authority, meaning it has been white listed by major browsers to offer trusted SSL certificates. Most other SSL certificate vendors are just re-sellers who leech off other certificate authorities because it's very difficult to become a trusted certificate authority.
2. Let's Encrypt allows you to issue SSL certificates for free. You can issue certificates for let's say: example.com, blog.example.com and admin.example.com for free. Other vendors would charge you $30 / year because you would need 3 separate certs (sub-domains need their own cert).
3. Let's Encrypt allows you to automate verifying and renewing your SSL certificates and doesn't require setting up any billing details. Other SSL vendors require you to manually renew each individual certificate on a yearly basis, and also keep your billing information up to date.
4. Let's Encrypt open sourced all of their tools and has a vibrant community built around it. Other SSL vendors keep everything behind closed doors and force you to use their difficult to use website because it's beneficial to them (example: they charge you certificate revoke fees if you mess up).
5. In 1 year, Let's Encrypt went from having 4+ million active SSL certificates to 40+ million active certs and their growth is exploding. Other SSL vendors are simply not issuing as many certs because people are beginning to realize they don't need to get price gouged to secure their site.
Learn All of the Steps to Host Your Own Site Along the Way
Here's What We'll Cover
A sprinkle of theory, followed by real world examples.
- Crash Course on SSL Certificates
- Create a server on DigitalOcean
- Securely host a website with Nginx and Apache
- Hook up a custom domain name* to your server
- Integrate and automate Let's Encrypt for A+ rated SSL certificates
*Don't worry, you'll still be able to follow along if you don't have a custom domain name.
Who Is This For?
Web developers who want to secure their site
You don't need to be a programming wizard to follow along, but you will want a bit more experience than just creating a few HTML sites.
This course covers a lot of ground but I do explain each step of the way, and if you have the willingness to fiddle around with Bash scripts and Nginx configs (with video guidance), you'll do just fine.
Production Ready Configs and Scripts to Secure Any Site Using Nginx or Apache
What about Golang, Phoenix and anything else? That's ok, they will work too!
About the Author
Hi, I'm Nick Janetakis
I've built many projects with Flask and Docker over the years.
I'm a self taught full stack developer who has been learning and working as a freelance consultant for the last 20 years. The battle hardened source code used in this course is what I've personally used and tweaked from real world experience.
Over 20,000 people have taken at least one of my courses, which includes Dive Into Docker and HTTPS With Let's Encrypt.
How do you get access to the course? Join SitePoint Premium and get access to this course, plus 350+ other books and courses for just $6/month!
Happy learning!
Dianne from SitePoint
