Finally, everyone is able to enable HTTPS for their website'(s) without having to pay huge sums of money for SSL certificates. Thanks to Let's Encrypt the process is now very easy.
SSL certificates used to cost money, some you could get for just 10$ per year, while others would cost hundreds of dollars. This has luckily started to change.
Enabling HTTPS in Ubuntu
If you have SSH access to your server, all you have to do is to login, and run a couple commands in terminal. If you are running Apache on in Ubuntu, then you can use the following commands:
sudo apt-get install python-letsencrypt-apache letsencrypt --apache
The letsencrypt --apache command will take you through the process, and automatically configure apache with your certificate. It will ask you for an e-mail address for notifications when your certificate is about to expire.
Certificates expire in just 90 days, but since the process of renewal is automatic, this will not matter. You can setup a cron or systemd job to automate renewal.
Reasons why you should move to HTTPS
The most obvious reason is the extra security, you can read more in Google's guide, Secure your site with HTTPS. A few reasons listed in the guide:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can "listen" to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
In addition to the increased security, Google will also provide a small ranking boost to URLs served over HTTPS.