I didn’t keep up with my promise to blog more regularly from summer 2016, but it’s a new year and I’m giving it another go.
To start things off, I decided to finally enable HTTPS for this site and my separate site for short fiction. Even though these sites are low-traffic and don’t deal with any sensitive information, it’s still a good idea to support HTTPS. See https://www.eff.org/encrypt-the-web for some background on why.
I had looked at doing this when I first started running this site, but at the time it was a pretty tedious process. Today it’s straightforward, even though I’m on shared hosting.
First I needed to get certificates. I chose to use Let’s Encrypt, since it’s free, highly automated, and a joint, open effort. To actually interact with Let’s Encrypt, I installed the Acme PHP client on my web hosts. This tool allowed me to obtain the certificates via one shell command:
php bin/acme issue --domains andrewjamesjohnson.com:www.andrewjamesjohnson.com --path /home/andrewja/public_html:/home/andrewja/public_html --server letsencrypt
Then I modified the .htaccess file to redirect all HTTP traffic to HTTPS:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
And that’s it!
The only piece I don’t have totally working is automatic renewal of my certificates. I’ve got the renewal happening on a cron but it’s not yet updating the one used by the site.