Securing your self-hosted website with Let’s Encrypt

Continue reading “Securing your self-hosted website with Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities

In part 3, we looked at how to finally use Let’s Encrypt to issue and renew certificates for our domains. But I also finished with a terrifying cliffhanger: basic HTTPS setups can be vulnerable to attacks! Gasp…!

Let me start by clarifying that I am not a security expert and if someone breaks into your system I will take no responsibility whatsoever, lalalala…

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities”

Securing your self-hosted website with Let’s Encrypt, part 3: using Let’s Encrypt

In part 2, we looked at how HTTPS works in practice, what role certificate authorities play  and where Let’s Encrypt can make things easier.

Now we will finally look at how to use Let’s Encrypt to make your life easier, safer and more private!

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 3: using Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 2: HTTPS and certificate authorities

In part 1, we looked at how HTTP and HTTPS are and how they work together to protect users and servers from crackers and other parties interested in tampering and spying the data transmitted over HTTP. We also concluded that moving to HTTPS is the natural evolution, given the abundance and ease of attacks against unencrypted connections. Remember also: HTTPS will guarantee privacy and integrity, but it will not hide the fact that a connection is taking place between a server and another machine. Ports and IP addresses are still exposed.

In this part we will look at how HTTPS works in practice, what role certificate authorities play and where Let’s Encrypt can make things easier.

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 2: HTTPS and certificate authorities”