Securing your self-hosted website with Let’s Encrypt

Continue reading “Securing your self-hosted website with Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 5: I have HTTPS, and now what?

In part 4, we looked at hardening default configurations and avoiding known vulnerabilities, but what other advantages are there to having our sites run HTTPS?

First, a recap of what we get by using HTTPS:

  • Privacy – no one knows what are your users accessing
  • Integrity – what is sent between you and your users is not tampered with at any point*

*unless the uses’ computers are infected with a virus or some kind of browser malware that modifies pages after the browser has decrypted them, or modifies the content before sending it back to the network via the browser–Remember I said that security is not 100% guaranteed? Sorry to scare you. You’re welcome 😎

So that’s cool, but there’s even more!
Continue reading “Securing your self-hosted website with Let’s Encrypt, part 5: I have HTTPS, and now what?”

Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities

In part 3, we looked at how to finally use Let’s Encrypt to issue and renew certificates for our domains. But I also finished with a terrifying cliffhanger: basic HTTPS setups can be vulnerable to attacks! Gasp…!

Let me start by clarifying that I am not a security expert and if someone breaks into your system I will take no responsibility whatsoever, lalalala…

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities”

Securing your self-hosted website with Let’s Encrypt, part 3: using Let’s Encrypt

In part 2, we looked at how HTTPS works in practice, what role certificate authorities play  and where Let’s Encrypt can make things easier.

Now we will finally look at how to use Let’s Encrypt to make your life easier, safer and more private!

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 3: using Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 2: HTTPS and certificate authorities

In part 1, we looked at how HTTP and HTTPS are and how they work together to protect users and servers from crackers and other parties interested in tampering and spying the data transmitted over HTTP. We also concluded that moving to HTTPS is the natural evolution, given the abundance and ease of attacks against unencrypted connections. Remember also: HTTPS will guarantee privacy and integrity, but it will not hide the fact that a connection is taking place between a server and another machine. Ports and IP addresses are still exposed.

In this part we will look at how HTTPS works in practice, what role certificate authorities play and where Let’s Encrypt can make things easier.

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 2: HTTPS and certificate authorities”