{"id":569,"date":"2016-12-03T14:38:20","date_gmt":"2016-12-03T18:08:20","guid":{"rendered":"https:\/\/blog.pelleys.com\/?p=569"},"modified":"2016-12-03T14:38:20","modified_gmt":"2016-12-03T18:08:20","slug":"moving-pelleys-com-to-tls-connections","status":"publish","type":"post","link":"https:\/\/blog.pelleys.com\/?p=569","title":{"rendered":"Moving Pelleys.com to TLS Connections"},"content":{"rendered":"<p>Well, I have most of the Pelleys.com web sites migrated to TLS certificates. (I want to say SSL but &#8220;SSL&#8221; is obsolete.) I have actually wanted to do this for some time but I did not want to pay for the privilege. However, on October 8, 2016, <a href=\"https:\/\/security.googleblog.com\/2016\/09\/moving-towards-more-secure-web.html\">Google announced<\/a> on the\u00a0<span style=\"text-decoration: underline;\">Google Security Blog<\/span>\u00a0that &#8220;(b)eginning in January 2017 (Chrome 56), we\u2019ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure&#8221; and that &#8220;(e)ventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.&#8221; So, I decided to get my arse into gear and do something about it.<\/p>\n<p><a href=\"https:\/\/blog.pelleys.com\/?attachment_id=570\" rel=\"attachment wp-att-570\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-570 alignleft\" src=\"https:\/\/blog.pelleys.com\/wp-content\/uploads\/2016\/12\/lelogo.png\" alt=\"Let's Encrypt Logo\" width=\"186\" height=\"50\" srcset=\"https:\/\/blog.pelleys.com\/wp-content\/uploads\/2016\/12\/lelogo.png 415w, https:\/\/blog.pelleys.com\/wp-content\/uploads\/2016\/12\/lelogo-300x80.png 300w\" sizes=\"auto, (max-width: 186px) 100vw, 186px\" \/><\/a><\/p>\n<p>A quick web search led me to <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt <\/a>which is a &#8220;free, automated, and open&#8221; 
certificate authority. The list of <a href=\"https:\/\/letsencrypt.org\/sponsors\/\">current sponsors<\/a> for Let&#8217;s Encrypt is quite impressive including Mozilla, Akamai, Cisco, Chrome and (of course) the EFF. The documentation is pretty good but, as Let&#8217;s Encrypt notes, this is beta so&#8230;<\/p>\n<p>The biggest problem I had is likely related to the fact that <a href=\"http:\/\/www.pelleys.com\">www.pelleys.com<\/a>, <a href=\"http:\/\/blog.pelleys.com\">blog.pelleys.com<\/a> and <a href=\"http:\/\/wx.pelleys.com\">wx.pelleys.com<\/a> have been migrated one too many times between various versions of CentOS and Apache and my config files are, to be charitable, a mess. After some messing around I determined that when using VirtualHost what seemed to work for me was that, for each individual VirtualHost, I had to use:<\/p>\n<blockquote><p>&lt;path&gt;\/certbot-auto -d full_fqdn_virtualhost -d\u00a0full_fqdn_virtualhost<\/p><\/blockquote>\n<p>Maybe (likely?) I missed that in the many examples but if someone finds this useful &#8211; Great!<\/p>\n<p>The only thing that I think Let&#8217;s Encrypt is lacking, from my perspective, is that:<\/p>\n<ol>\n<li>It is *nix-centric &#8211; not a big issue since I use Ubuntu and CentOS; and<\/li>\n<li>I have yet to determine how to put the Let&#8217;s Encrypt certificates on a firewall (e.g., for SSL-VPN connections). This may be, in my opinion, because those using SSL-VPN connections are businesses, not home geeks like me \ud83d\ude42 I will keep digging. If I find out something I will post it.<\/li>\n<\/ol>\n<p>The other bit is that if you are using WordPress &#8211; you likely noted that I do since you are reading this post \ud83d\ude42 &#8211; once you upgrade at the web server level (e.g., Apache)\u00a0the site will still be &#8220;broken&#8221; since the in-page links to graphics, etc., are listed as HTTP instead of HTTPS. 
To fix this install the <a href=\"https:\/\/wordpress.org\/plugins\/really-simple-ssl\/\">Really Simple SSL <\/a>plugin for WordPress and follow the instructions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Well, I have most of the Pelleys.com web sites migrated to TLS certificates. (I want to say SSL but &#8220;SSL&#8221; is obsolete.) I have actually wanted to do this for some time but I did not want to pay for &hellip; <a href=\"https:\/\/blog.pelleys.com\/?p=569\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-569","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=\/wp\/v2\/posts\/569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=569"}],"version-history":[{"count":0,"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=\/wp\/v2\/posts\/569\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pelleys.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}