This blog does not support a proper HTTPS connection yet.
So here starts my little research into how to get proper HTTPS support, the modern way.
Getting Apache to use HTTPS
This part is easy. Basically, one needs to do the following things:
- Create a new virtual host at port 443, and enable SSL engine;
- Set up a redirect on the original port 80, so that any attempt to access this website ends up using HTTPS anyway.
- Enable the SSL module.
- Enable the socache_shmcb module. We really should have a module management system, but we don’t have one, so we manage the needed modules manually. Some software still behaves as if it is 1988.
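The four steps above as a single Apache configuration. This is an added example, not this blog's actual config; `example.com`, the document root, and the certificate paths (certbot's usual `/etc/letsencrypt/live/` layout) are assumptions.

```apache
# Constructed example. example.com and all file paths are placeholders.
#
# Steps 3 and 4: both modules must be loaded before this file parses.
# On Ubuntu that is done with:  a2enmod ssl socache_shmcb

# Step 2: port 80 serves no content, it only redirects to the HTTPS site.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

# Step 1: the real site lives on port 443 with the SSL engine switched on.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Certificate chain and private key (assumed certbot locations).
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

# Server-wide, outside any VirtualHost: the TLS session cache uses the
# "shmcb" provider, which is why socache_shmcb has to be enabled.
# ${APACHE_RUN_DIR} is the run directory variable from Ubuntu's envvars file.
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
```

Running `apachectl configtest` after editing reports a missing module or an unreadable certificate file before the server is restarted.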
Getting a certificate
But the tricky part is that a proper SSL server needs a key pair with a certificate signed by a trusted certificate authority. This has traditionally been a paid service, but people have now figured out that websites without secure connections are an existential threat to the web ecosystem… so they started the Let’s Encrypt service. It provides free, automated certificates. It can only do domain validation, because that is the only kind of certificate that can be issued automatically.
So they created a tool called certbot. certbot runs on the server, performs all the validation, and creates the certificate that I am now using.
Still, I wonder why HTTPS servers are not the Ubuntu default. Gentoo at least provides a dual-host default that runs an HTTP and an HTTPS server simultaneously, both serving the same thing. Ubuntu’s default is two modules away from basic and necessary functionality! Anyway, it still follows that configuring servers is becoming easier and easier.