Isnor Creative
Isnor Creative Blog
Ruby, Ruby on Rails, Ember, Elm, Phoenix, Elixir, React, Vue

Nov 2, 2016

HTTPS with Lets Encrypt on WebFaction

Updates
  • Wed Nov 28, 2018: Webfaction is also now offering Lets Encrypt install through their control panel!
  • Sat Mar 17, 2018: ouranos pointed out that I did not include –config flag in cron note
  • Fri Nov 18, 2016: Let’s Encrypt webfaction now supports automated renewal via the Webfaction API

Google has announced that they will ramp up punishment sites that are not serving enecrypted content starting in January 2017. This will roll out over the course of the year, starting with sites that are transmitting passwords and ecommerce-related data to incrementally include all web traffic, regardless of whether or not there’s anything secure being transferred.

Moving towards a more secure web

So it’s a very good time to get started with encrypting all the things.

Let’s Encrypt is a good option since it’s free. Otherwise SSL costs would really start piling up. I’ve been ensuring all my clients and personal sites on Webfaction are set up with https. The LetsEncrypt Webfaction project has been very helpful for this.

https://github.com/will-in-wi/letsencrypt-webfaction

Get Started

First, create an https site in the Webfaction control panel, or update existing an one to https.

This step need not be done initially if you already have a sit online and want to minimize downtime.

Install LetsEncrypt Webfaction

Install

GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction

Add to bash_profile

    function letsencrypt_webfaction {
        PATH=$PATH:$GEM_HOME/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
    }

Refresh session

source $HOME/.bash_profile

Add a YAML config file to store your Webfaction credentials at ~/your_config.yml

username: "xxx"
password: "yyy"

Create an http website and a new static application –– in the webfaction control panel

Create an .htaccess file in the new http static app

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} !^/\.well\-known/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Run Let’s Enecrypt Webfaction manually the first time using the public directory of the HTTP app

letsencrypt_webfaction --letsencrypt_account_email you@email.com --domains www.site.com(,site.com,etc) --public ~/webapps/your_app/ --config your_config.yml

Setup a cron job to renew:

0 4 1 */2 *     PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction --account_email you@email.com --domains www.site.com(,site.com,etc) --public ~/webapps/your_app/  --config your_config.yml

Your site should be up and running with https now, and your http should be redirecting to https!

Gordon B. Isnor

Gordon B. Isnor writes about Ruby on Rails, Ember.js, Elm, Elixir, Phoenix, React, Vue and the web.
If you enjoyed this article, you may be interested in the occasional newsletter.

I am now available for project work. I have availability to build greenfield sites and applications, to maintain and update/upgrade existing applications, team augmentation. I offer website/web application assessment packages that can help with SEO/security/performance/accessibility and best practices. Let’s talk

comments powered by Disqus