Isnor Creative Blog
Ruby on Rails, Ember, Phoenix, Elixir, React

HTTPS with Lets Encrypt on WebFaction

Updated Friday November 18, 2016: Let’s Encrypt webfaction now supports automated renewal via the Webfaction API

Google has announced that they will ramp up punishment sites that are not serving enecrypted content starting in January 2017. This will roll out over the course of the year, starting with sites that are transmitting passwords and ecommerce-related data to incrementally include all web traffic, regardless of whether or not there’s anything secure being transferred.

Moving towards a more secure web

So it’s a very good time to get started with encrypting all the things.

Let’s Encrypt is a good option since it’s free. Otherwise SSL costs would really start piling up. I’ve been ensuring all my clients and personal sites on Webfaction are set up with https. The LetsEncrypt Webfaction project has been very helpful for this.

https://github.com/will-in-wi/letsencrypt-webfaction

Get Started

First, create an https site in the Webfaction control panel, or update existing an one to https.

This step need not be done initially if you already have a sit online and want to minimize downtime.

Install LetsEncrypt Webfaction

Install

GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction

Add to bash_profile

function letsencrypt_webfaction {
    PATH=$PATH:$GEM_HOME/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
}

Refresh session

source $HOME/.bash_profile

Add a YAML config file to store your Webfaction credentials at ~/your_config.yml

username: "xxx"
password: "yyy"

Create an http website and a new static application –– in the webfaction control panel

Create an .htaccess file in the new http static app

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} !^/\.well\-known/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Run Let’s Enecrypt Webfaction manually the first time using the public directory of the HTTP app

letsencrypt_webfaction --letsencrypt_account_email you@email.com --domains www.site.com(,site.com,etc) --public ~/webapps/your_app/ --config your_config.yml

Setup a cron job to renew:

0 4 1 */2 * PATH=$PATH:$GEMHOME/bin:/usr/local/bin GEMHOME=$HOME/.letsencryptwebfaction/gems RUBYLIB=$GEMHOME/lib ruby2.2 $HOME/.letsencryptwebfaction/gems/bin/letsencryptwebfaction –accountemail you@email.com –domains www.site.com(,site.com,etc) –public ~/webapps/yourapp/

Your site should be up and running with https now, and your http should be redirecting to https!

Gordon B. Isnor writes about Ruby on Rails, Ember.js, Elixir, Phoenix, React, and web development in general. If you enjoyed this article, join his newsletter.

comments powered by Disqus