- HTTPS and certificate authorities
- Using Let’s Encrypt to generate and renew digital certificates
- Hardening default setups and avoiding known vulnerabilities
- I have HTTPS, now what?
- WordPress considerations
- A workflow to migrate from HTTP to HTTPS
- More cool things about Let’s Encrypt
PHEW! That was a lot of blog posts in just a couple of days, but I wanted to make sure that individual ‘topics’ had their own URL so people can link to the bit that they find more interesting and ignore everything else.
To finish, I would like to present together a number of interesting and cool facts about Let’s Encrypt which I omitted before because they were not directly related to using it.
In part 5, we looked at the great things you can do when your website is running over HTTPS, but we didn’t get into specifics of which type of website and the particular considerations you should have in mind.
There are so many types of websites that I am not going to start looking at all of them because that would probably end up being the work I do until the end of my days (exaggerating, me??). But I will look at a very popular type of website with which I have hands-on experience–WordPress!
In part 4, we looked at hardening default configurations and avoiding known vulnerabilities, but what other advantages are there to having our sites run HTTPS?
First, a recap of what we get by using HTTPS:
- Privacy – no one knows what are your users accessing
- Integrity – what is sent between you and your users is not tampered with at any point*
*unless the uses’ computers are infected with a virus or some kind of browser malware that modifies pages after the browser has decrypted them, or modifies the content before sending it back to the network via the browser–Remember I said that security is not 100% guaranteed? Sorry to scare you. You’re welcome 😎
So that’s cool, but there’s even more!
Continue reading “Securing your self-hosted website with Let’s Encrypt, part 5: I have HTTPS, and now what?”
In part 3, we looked at how to finally use Let’s Encrypt to issue and renew certificates for our domains. But I also finished with a terrifying cliffhanger: basic HTTPS setups can be vulnerable to attacks! Gasp…!
Let me start by clarifying that I am not a security expert and if someone breaks into your system I will take no responsibility whatsoever, lalalala…