Security (HTTPS) - Ecotrust/hnfp GitHub Wiki
HTTPS
The SSL certificate is obtained through Let's Encrypt, a certificate authority that provides free HTTPS certificates. Certbot is Let's Encrypt's client, which makes managing certificates easier.
Generate & Install HTTPS certificates:
Assumes NGINX + Ubuntu 14.04
Based on medium.freecodecamp.org
- Open up ports 80 (HTTP) and 443 (HTTPS) in your AWS instance Security Group
- Point your domain at the public DNS name of the EC2 instance
- Run the following:
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    cd /home/ubuntu
- Run the following, replacing www.hoonahstewards.net if needed, and as many times as needed for additional certs:
    ./certbot-auto certonly --standalone -d www.hoonahstewards.net
- Change your NGINX configuration by adding:
    server {
        listen 443 ssl;
        server_name www.hoonahstewards.net;
        # Chain and private key written by certbot for this domain
        ssl_certificate /etc/letsencrypt/live/www.hoonahstewards.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.hoonahstewards.net/privkey.pem;
        # HSTS: tell browsers to use HTTPS only for the next year
        add_header Strict-Transport-Security "max-age=31536000";
    }
- Restart NGINX:
    sudo service nginx reload
- Set up a cron job to renew the cert, because certs obtained through Let's Encrypt expire every 3 months: https://loune.net/2016/01/https-with-lets-encrypt-ssl-and-nginx/
Renew HTTPS certificates manually:
- ssh into the server and activate the environment:
    ssh hoonah
    source /usr/local/apps/marineplanner-core/env/bin/activate
- cd /home/ubuntu/
- ./certbot-auto renew
If the cert won't renew, see https://github.com/certbot/certbot/issues/5405#issuecomment-356498627
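A renewal wrapper for the cron job mentioned above, added here as an example (not code from the hnfp wiki or from certbot): it stops NGINX around the --standalone challenge, which otherwise fails because NGINX already holds ports 80/443, and checks how many days the live certificate has left so a silently failing renewal is noticed. The script path, cron schedule, and 14-day warning threshold are assumptions; the certbot-auto location and the live directory are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of the hnfp wiki. Requires GNU date and openssl.
# Assumed: certbot-auto lives in /home/ubuntu (as on this page); the live
# directory is the www.hoonahstewards.net one from the NGINX config above.
CERTBOT=${CERTBOT:-/home/ubuntu/certbot-auto}
LIVE_CERT=${LIVE_CERT:-/etc/letsencrypt/live/www.hoonahstewards.net/fullchain.pem}

# Whole days until the certificate's notAfter date (negative once expired).
cert_days_left() {
    not_after=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    end_epoch=$(date -u -d "$not_after" +%s)
    echo $(( (end_epoch - $(date -u +%s)) / 86400 ))
}

# Prints "ok" when more than $2 days remain, otherwise "warn".
cert_needs_attention() {
    if [ "$(cert_days_left "$1")" -gt "$2" ]; then echo ok; else echo warn; fi
}

# --standalone binds port 80 or 443, which NGINX is already listening on, so
# the renewal would fail with "address already in use". The hooks only run
# when a cert is actually due (certbot renews within 30 days of expiry), so
# running this weekly is safe.
renew_certs() {
    "$CERTBOT" renew --quiet \
        --pre-hook "service nginx stop" \
        --post-hook "service nginx start"
}

# Assumed cron entry (sudo crontab -e), Mondays at 03:00:
#   0 3 * * 1 /home/ubuntu/renew-cert.sh renew >> /var/log/cert-renew.log 2>&1
case "${1:-}" in
    renew)
        renew_certs || echo "certbot renew failed" >&2
        if [ "$(cert_needs_attention "$LIVE_CERT" 14)" = warn ]; then
            echo "WARNING: $LIVE_CERT expires in $(cert_days_left "$LIVE_CERT") days" >&2
        fi
        ;;
esac
```

Running the script with no argument only defines the functions, so it can be sourced to check a certificate by hand, e.g. `cert_days_left /etc/letsencrypt/live/www.hoonahstewards.net/fullchain.pem`.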