As I said in my previous tutorial, I don’t have a lot of technical writing from my day job that I can share with the public and prospective employers. To mitigate this, I’ve been creating some beginner-level articles on managing WordPress on Amazon Web Services for this portfolio site. So if you have completed my Introduction to Hosting WordPress on Amazon Web Services (AWS) tutorials, here’s one about HTTPS, SSL/TLS certificates, and how you can install them on your WordPress instance running on an EC2 instance – for free!
HTTP Secure, also known as HTTPS, is an encryption protocol that protects data as it is transmitted over the Internet. HTTPS can be used by your web browser to securely connect to a website so that your data cannot be intercepted and read while it is in transit. You may be familiar with the https:// that appears in the address bar of your browser, and the lock icon (normally a green lock icon) that appears to the left of the URL that appears in the address bar.
HTTPS achieves three primary objectives necessary for secure Internet communications:
- HTTPS encrypts the data sent and received, meaning eavesdroppers won’t be able to consume the data just by intercepting it.
- HTTPS maintains data integrity, because the data cannot be altered or corrupted while it is in transmission.
- HTTPS provides authentication: the certificate system that makes HTTPS work means that you can trust that you are talking to the server or website that you intend to.
HTTPS isn’t only necessary for when you are logging on to your bank’s website, or buying something online, or checking your email through your web browser. There is a movement to make sure that all web traffic is sent and received using the HTTPS protocol. For example, Google now identifies websites that appear in its search results as “not secure” if the website is not using HTTPS in an effort to gently persuade more webmasters to switch to HTTPS.
The bottom line: HTTPS is good for you, good for your website, good for your readers, and good for the Internet. It also makes your website look extra professional when visitors see that lock icon and the https://!
Previously, the certificates needed to enable HTTPS communications were often sold, and that’s why you normally only see them on places like e-commerce sites. However, there is an organization out there that is trying to make HTTPS available to everybody, for free. Let’s Encrypt is a free and automated Certificate Authority (CA) that will issue the SSL/TLS certificates necessary for HTTPS to anybody who can figure it out. Let’s Encrypt is a project of the Internet Security Research Group (ISRG), which includes sponsors from the Electronic Frontier Foundation (EFF) to Google Chrome to Facebook.
You will often see the certificates that make HTTPS possible on a website referred to interchangeably as SSL (Secure Sockets Layer) or Transport Layer Security (TLS) certificates. Even the title of Let’s Encrypt website is “Let’s Encrypt – Free SSL/TLS Certificates.” Secure Sockets Layer and Transport Layer Security are both encryption protocols (not encryption algorithms). However, Secure Sockets Layer is older and is no longer considered secure. Transport Layer Security, which is compatible with most previous uses of SSL, is the protocol you should use, and the certificates I install and renew in this series of articles actually support TLS. The convention is still to use “SSL/TLS,” so I will use that term as well.
These three articles will walk you through the steps that you need to install an SSL/TLS certificate from Let’s Encrypt on an Amazon Web Services (AWS) EC2 instance. In my case, I am using the WordPress Certified by Bitnami EC2 instances available in the AWS Webstore, and these articles are adapted from Bitnami’s Generate and Install a Let’s Encrypt SSL Certificate for a Bitnami Application tutorial, with some of my own experience thrown in.
Like my first set of tutorials, if you have a basic amount of understanding of self-hosted WordPress should be able to follow along. These steps are quite platform-agnostic when it comes to your computer, operating system, browser, and other applications. In my case:
- I worked on a WordPress Certified by Bitnami EC2 instance on Amazon Web Services (AWS)
- I used my MacBook, so these tutorials are in macOS
- I used Firefox
- I used Terminal as my command line interface
- I used Cyberduck as an FTP client
Here is my series of tutorials. They are designed to be read and implemented in order, but they don’t have to be:
- Install a Let’s Encrypt SSL/TLS Certificate on an AWS EC2 Instance: Install the Let’s Encrypt client on an EC2 instance running Linux and Apache and create your first Let’s Encrypt TLS/SSL certificate.
- Renew a Let’s Encrypt SSL/TLS Certificate on an AWS EC2 Instance: TLS/SSL certificates from Let’s Encrypt expire every 90 days. This article tells you how to fix that.
- Automate the Renewal of a Let’s Encrypt SSL/TLS Certificate on an AWS EC2 Instance: Once you are comfortable with renewing your Let’s Encrypt certificate, there’s a way to automate that renewal.