- HTTPS and certificate authorities
- Using Let’s Encrypt to generate and renew digital certificates
- Hardening default setups and avoiding known vulnerabilities
- I have HTTPS, now what?
- WordPress considerations
- A workflow to migrate from HTTP to HTTPS
- More cool things about Let’s Encrypt
In part 3, we looked at how to finally use Let’s Encrypt to issue and renew certificates for our domains. But I also finished with a terrifying cliffhanger: basic HTTPS setups can be vulnerable to attacks! Gasp…!
Let me start by clarifying that I am not a security expert and if someone breaks into your system I will take no responsibility whatsoever, lalalala…
In part 2, we looked at how HTTPS works in practice, what role certificate authorities play and where Let’s Encrypt can make things easier.
Now we will finally look at how to use Let’s Encrypt to make your life easier, safer and more private!
In part 1, we looked at how HTTP and HTTPS are and how they work together to protect users and servers from crackers and other parties interested in tampering and spying the data transmitted over HTTP. We also concluded that moving to HTTPS is the natural evolution, given the abundance and ease of attacks against unencrypted connections. Remember also: HTTPS will guarantee privacy and integrity, but it will not hide the fact that a connection is taking place between a server and another machine. Ports and IP addresses are still exposed.
In this part we will look at how HTTPS works in practice, what role certificate authorities play and where Let’s Encrypt can make things easier.