Free HTTPS for Django project on Heroku

HTTPS is an important option for modern websites. With free SSL certificates from Let's Encrypt, there is no excuse not to use it.

First of all, you need to download the Certbot install script:

$ wget https://dl.eff.org/certbot-auto

Make the file executable:

$ chmod a+x ./certbot-auto

Then run it:

$ ./certbot-auto certonly --manual

The script will install all necessary packages and run certbot. You then need to answer a series of questions.

Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxxxx@mydomain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Please enter in your domain name(s) (comma and/or space separated)
(Enter 'c' to cancel):mydomain.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.com

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o:y

Then you'll see something like this:

-------------------------------------------------------------------------------
Make sure your web server displays the following content at
http://mydomain.com/.well-known/acme-challenge/some-hash before continuing:

some-answer-line

This is necessary to prove that you are the owner of the domain, and it requires some changes in your application code. Add the following two lines to your settings module:

import os  # needed for os.environ, if settings.py does not import it already
LETSENCRYPT_URL = os.environ.get('LETSENCRYPT_URL')
LETSENCRYPT_RESPONSE = os.environ.get('LETSENCRYPT_RESPONSE', '')

Then add the following lines to the main urls.py:

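from django.conf import settings
from django.conf.urls import url  # removed in Django 4.0; use django.urls.re_path there

# The challenge route exists only while the LETSENCRYPT_URL config var is set.
if settings.LETSENCRYPT_URL:
    from django.http import HttpResponse
    urlpatterns += [
        url(
            settings.LETSENCRYPT_URL,  # interpreted as a regular expression
            lambda r: HttpResponse(settings.LETSENCRYPT_RESPONSE, content_type='text/plain'),
        ),
    ]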

Now you need to set up the environment variables LETSENCRYPT_URL and LETSENCRYPT_RESPONSE and restart the project dynos.
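
An added example (not code from the original post): a pre-flight check for the two config vars before they reach url(), which treats its first argument as a regular expression. It assumes LETSENCRYPT_URL holds the challenge path from the certbot prompt and LETSENCRYPT_RESPONSE holds the answer line; challenge_route and the sample values are hypothetical.

```python
import re

# Constructed sample values standing in for certbot's "some-hash" and
# "some-answer-line"; real ones come from the certbot prompt.
SAMPLE_URL = ".well-known/acme-challenge/abc123_TOKEN-xyz"
SAMPLE_RESPONSE = "abc123_TOKEN-xyz.thumbprint_PLACEHOLDER-0"

CHALLENGE_PREFIX = ".well-known/acme-challenge/"
# ACME tokens and account key thumbprints use the base64url alphabet (RFC 8555).
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def challenge_route(url_value, response_value):
    """Return (anchored_regex, body) for the http-01 route, or raise ValueError.

    Hypothetical helper: validates the two config vars before they are
    passed to Django's url().
    """
    path = url_value.strip().lstrip("/")
    if not path.startswith(CHALLENGE_PREFIX):
        raise ValueError("LETSENCRYPT_URL must be under " + CHALLENGE_PREFIX)
    token = path[len(CHALLENGE_PREFIX):]
    if not B64URL.fullmatch(token):
        raise ValueError("challenge token contains unexpected characters")
    body = response_value.strip()
    head, sep, thumbprint = body.partition(".")
    # The expected body is "<token>.<account key thumbprint>".
    if head != token or not sep or not B64URL.fullmatch(thumbprint):
        raise ValueError("LETSENCRYPT_RESPONSE does not match the token in the URL")
    # Escape the literal dots and anchor both ends so only this exact path matches.
    return "^" + re.escape(path) + "$", body


if __name__ == "__main__":
    pattern, body = challenge_route(SAMPLE_URL, SAMPLE_RESPONSE)
    print(pattern)
    print(body)
```

The returned pattern can be used in place of settings.LETSENCRYPT_URL in the url() call, and a ValueError at startup points to a config var that was pasted incorrectly.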

[Screenshot: Heroku vars]

[Screenshot: Heroku restart all dynos menu]

[Screenshot: Heroku restart dynos dialog]

Wait a few seconds for verification, and the following message will appear:

Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/mydomain.com/fullchain.pem. Your cert will expire on XXXX-XX-XX. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now you can use the files fullchain.pem and privkey.pem for Heroku.

[Screenshot: Heroku Domains and certificates]

[Screenshot: Heroku configure SSL 1]

[Screenshot: Heroku configure SSL 2]

Finally, do not forget to update your DNS:

[Screenshot: Heroku configure SSL 3]