TLS CERTIFICATES for HTTPS
There are many ways to proceed with implementing HTTPS on aMiSTACX. For the purpose of this article we will discuss four basic options: Free Self-Signed Placeholder, Cloudflare Free Origin Certificates, Let’s Encrypt Free Wildcard Certificates, and installing a paid certificate.
Almost ALL stacks have a placeholder self-signed cert ready to use out-of-the-box. All you have to do is use https in your URL, add the exception to your browser, and you are good to go.
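Tip! Very useful when using a hosts file for installation placeholders.
You can leverage the placeholder certs even further by using Cloudflare and setting their FULL TLS option to point to the placeholder cert, thus enabling end-to-end encryption and avoiding the need to add an exception. As long as their CDN is ON, everything will be valid and secure. Full mode encrypts the connection to the origin without validating the origin certificate, which is why the self-signed placeholder is accepted; Full (Strict) mode does validate it.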
Cloudflare Free Server Origin Certificates
aMiSTACX started to use Cloudflare origin certificates in 2020, and has been very pleased with the ease of use and end-to-end encryption security provided by Cloudflare.
Tip: A51 has an API integration for Cloudflare. It makes sense to make use of Cloudflare for your CDN, WAF, and DNS.
Note: Keep in mind that the edge certificates are now issued, and more than likely monitored, by “Google Trust Services LLC”. 😉
• 15-Year Expiry
• End-to-End Encryption
• Wildcard subdomains supported
• CF Strict SSL Mode Compatible
Let’s Encrypt Free Wildcard Certificates
Let’s Encrypt has been offering wildcard TLS certificates since January 2018, and aMiSTACX has the Let’s Encrypt agent certbot-auto [G3, G4] or certbot [G5+] pre-installed.
This should cover all aMiSTACX G series running on Ubuntu 16 ~ 22 LAMP and LEMP stacks.
Installing a Paid Certificate
HTTP to HTTPS Redirection
NGINX HTTP to HTTPS Redirection
There are many ways to accomplish HTTP to HTTPS redirection, so we’ll discuss two simple options that work.
- Use Cloudflare to handle HTTP to HTTPS redirects via a page rule, or their Always HTTPS. This process is actually more efficient as it keeps redirection processing at the CDN edge.
- Local server processing. To enable local HTTP to HTTPS server processing, you will need to remove the comment “#” from these sections.
- Save the file! Then from the CLI: sudo service nginx restart
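As an added illustration of the local option (this is not the configuration file shipped on aMiSTACX stacks, whose contents are not shown here), the block below shows a port-80 redirect first commented out and then enabled. The server names, certificate paths and document root are placeholder assumptions.

```nginx
# --- Before: the redirect block is commented out, so no redirect is issued ---
# server {
#     listen 80;
#     listen [::]:80;
#     server_name example.com www.example.com;   # placeholder names
#     return 301 https://$host$request_uri;
# }

# --- After: "#" removed, every HTTP request is answered with a 301 to HTTPS ---
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;   # placeholder names
    return 301 https://$host$request_uri;      # keeps host, path and query string
}

# HTTPS virtual host that the redirect lands on
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;   # placeholder names

    # Placeholder paths: point these at the self-signed, Cloudflare origin,
    # Let's Encrypt or paid certificate actually installed on the server.
    ssl_certificate     /etc/ssl/certs/example.com.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    root /var/www/html;                        # assumed document root
}
```

Running sudo nginx -t before the restart checks the edited file for syntax errors while the old configuration is still serving.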
Overall, all of the above are easy to implement, with the most cumbersome solution being the paid certificate option. Should you require any assistance, please check our site or make use of our bot first, before contacting support. It’s just that humans are slower to respond.