Install let's Encrypt and force site to use https

SSL is becoming an important part of every website day by day because of the exponential increase of credit card use for online payments and spike in hacking. If an E-commerce site is not using HTTPS, then users will think that information exchange is not secure and they will not trust the site. For those who don’t know what SSL is, it is a certificate which is installed on your site to make the communication between the server and the user encrypted in such a way that only the server and the user will understand the information which is being transferred between them.

What is Let’s Encrypt

Let’s Encrypt is a free SSL certificate approved by IETF(Internet Engineering Task Force). It is an open certificate authority and is secured. The certificate installs through Let’s Encrypt and expires after three months so you need to reissue it before it gets expired. Some of the hosting providers and platforms have started offering Let’s Encrypt to their users and one such platform is Cloudways which has Let’s Encrypt on single click and they also renew the certificate automatically. Let us now show you how to install SSL certificate manually.

Installing SSL Certificate Using Let’s Encrypt

If your hosting providers are giving you root access then installing Let’s Encrypt SSL using SSH is quite easy. What you do is to follow the following steps.

First, install Let’s Encrypt on your server by running the following command:

git clone https://github.com/letsencrypt/letsencrypt

Once installed, move to its directory by:

cd letsencrypt

Now, let’s install the certificate by running the following command:

./letsencrypt-auto --help

Now the certificate will be installed on your server. But you need to renew it before 3 months have elapsed. The command for renewal is:

letsencrypt renew --dry-run

It renews all your certificates. If you are running Apache on the most recent Debian OS, there is a single query which will automatically install and renew your certificate. Which is:

letsencrypt --apache

The thing to keep in mind is that Let’s Encrypt will generate only 5 certificates for a unique domain in a week. So don’t try to renew your certificate every day. Now that the certificate is installed, the one thing left is to force our site to use HTTPS. Let’s do it.

Force Site to Use HTTPs

Once a certificate is installed on your server, two sites will be running having the same domain. One will be with http, and second will be with https. If we look from the SEO point of view, you will see that 2 different sites having same content are running which is not good for search engine rankings. In order to make it right, we will force our site to use only https for all pages of our domain. For that, follow the following step.

Open your .htaccess file if you have previously created it, or create a new one and paste the following code in it.

#Redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The end

So now, whenever a user visits your site it will automatically redirect to the HTTPS version of your site.

Hopefully this simple tutorial helped you with your development. If you like our post, please follow us on Twitter and help spread the word. We need your support to continue. If you have questions or find our mistakes in above tutorial, do leave a comment below to let us know.

Author Bio

Ahmed Khan is the PHP Community Manager at Cloudways, a hosting company that specializes in optimized PHP hosting services. He writes about PHP, MySQL and covers different tips and tricks related to PHP. He is currently active on Cloudways and other different blogs. When he is not writing about PHP, he likes watching The Flash, Game Of Thrones and is a die-hard fan of DC Comics. You can follow him on Twitter or connect with him on Facebook.