SSL/TLS certs for Apache and NGINX on aMiSTACX

Cloudflare FULL end-to-end HTTPS

TLS CERTIFICATES for HTTPS

There are many ways to proceed with implementing HTTPS on aMiSTACX. For the purpose of this article we will discuss four basic options: Free Self-Signed Placeholder, Cloudflare Free Origin Certificates, Let’s Encrypt Free Wildcard Certificates, and installing a paid certificate.

Self-Signed

Almost ALL stacks have a placeholder self-signed cert ready to use out-of-the-box. All you have to do is use https in your URL, add the exception to your browser, and you are good to go.

Tip! Very useful when using a host file for installation placeholders.

You can leverage the placeholder certs even further by putting the site behind Cloudflare and using their FULL TLS option, which accepts the self-signed placeholder cert at the origin. This enables end-to-end encryption and avoids the need to add a browser exception. As long as their CDN is ON, everything will be valid and secure.

Cloudflare Free Server Origin Certificates

aMiSTACX started to use Cloudflare origin certificates in 2020, and has been very pleased with the ease of use and end-to-end encryption security provided by Cloudflare.

Tip: A51 has an API integration for Cloudflare. It makes sense to make use of Cloudflare for your CDN, WAF, and DNS.

Note: Keep in mind that the edge certificates are now issued, and more than likely monitored, by “Google Trust Services LLC”. 😉

• 15-Year Expiry
• End-to-End Encryption
• Wildcard subdomains supported
• Free!
• CF Strict SSL Mode Compatible

How to install Cloudflare Origin Certs >>

Let’s Encrypt for Testing

Most of our stacks are pre-loaded with certbot, as we often use Let’s Encrypt for testing and demo purposes. It is not recommended or suggested for production or private purposes, as your IP address and email address are requested.

Here is a general format for a demo:

sudo certbot --{apache,nginx} -d {domain} --register-unsafely-without-email

Let’s Encrypt Free Wildcard Certificates

Let’s Encrypt has been offering wildcard TLS certificates since January 2018, and aMiSTACX has the Let’s Encrypt agent certbot-auto [G3, G4] or certbot [G5+] pre-installed.

This should cover all aMiSTACX G series running on Ubuntu 16 ~ 22 LAMP and LEMP stacks.

How to install Let’s Encrypt Wildcard Certificates >>

Installing a Paid Certificate

How to generate a CSR for paid certificates >>

HTTP to HTTPS Redirection

NGINX HTTP to HTTPS Redirection

There are many ways to accomplish HTTP to HTTPS redirection, so we’ll discuss two simple options that work.

  1. Use Cloudflare to handle HTTP to HTTPS redirects via a page rule, or their Always HTTPS. This process is actually more efficient as it keeps redirection processing at the CDN edge.
  2. Local server processing. To enable local HTTP to HTTPS server processing, you will need to remove the comment “#” from these sections. Save the file, then from the CLI: sudo service nginx restart
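
For option 2, the following is an added example of what an uncommented NGINX redirect section typically looks like next to the HTTPS server block; it is not the configuration shipped with aMiSTACX. The hostname example.com, the certificate paths, and the web root are placeholders.

```nginx
# Added example: example.com, the certificate paths and the web root
# are placeholders, not values from an aMiSTACX stack.

# Port 80: answer every plain-HTTP request with a permanent redirect.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # $host keeps the hostname the client asked for;
    # $request_uri keeps the original path and query string.
    return 301 https://$host$request_uri;
}

# Port 443: the only block that actually serves content.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Self-signed placeholder, Cloudflare origin cert, Let's Encrypt
    # or paid cert: whichever option from this article is in use.
    ssl_certificate     /etc/ssl/certs/example.com.pem;     # placeholder path
    ssl_certificate_key /etc/ssl/private/example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    root  /var/www/html;   # placeholder web root
    index index.html;
}
```

Run sudo nginx -t to check the syntax before restarting. If Cloudflare sits in front of the server, use this local redirect with the FULL mode described above; in Flexible mode Cloudflare connects to the origin over HTTP, so the origin redirect loops.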

Overall, all of the above are easy to implement, with the most cumbersome solution being the paid certificate option. Should you require any assistance, please check our site or make use of our bot first, before contacting support. It’s just that humans are slower to respond.

~ Lead_Robot