Google Domains and Let’s Encrypt

Continuing with the theme of improving my website and hosting, I transferred my domain to Google and setup a Let’s Encrypt certificate this past week.

Inputting the domain to transfer to Google was even easier than expected, with a nice entry box on the home page.

Let's Encrypt - Google Transfer

Once I entered in my domain name, they told me what steps I would need to take to get it transferred over.

Let's Encrypt - Transfer Instructions

After I got everything filled out and the form submitted, I even received a confirmation e-mail to verify that I did want to transfer the domain.

Let's Encrypt - Verification

Once I submitted everything, it took about 5 days to get the domain completely transferred over, and managing it is even easier now.

I would recommend Google as a registrar if you are looking for one though. They are $12/year with free privacy and e-mail forwarding included.

When the domain transfer was complete, I also setup a Let’s Encrypt certificate so that I would have SSL for the logins etc.

Let's Encrypt - Home

As I’m running Apache, I was able to use their auto-installer, which made everything a breeze.

[email protected]:~# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 34858, done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 34858 (delta 13), reused 0 (delta 0), pack-reused 34836
Receiving objects: 100% (34858/34858), 9.31 MiB | 4.62 MiB/s, done.
Resolving deltas: 100% (24761/24761), done.
Checking connectivity... done.
[email protected]:~# cd letsencrypt/
[email protected]:~/letsencrypt# le
less      lessecho  lessfile  lesskey   lesspipe  let       lexgrog
[email protected]:~/letsencrypt# ls
acme                        certbot-nginx       Dockerfile      letsencrypt              letsencrypt-nginx     linter_plugin.py  readthedocs.org.requirements.txt  tools
certbot                     CHANGES.rst         Dockerfile-dev  letsencrypt-apache       letshelp-certbot      MANIFEST.in       setup.cfg                         tox.cover.sh
certbot-apache              CONTRIBUTING.md     docs            letsencrypt-auto         letshelp-letsencrypt  pep8.travis.sh    setup.py                          tox.ini
certbot-compatibility-test  docker-compose.yml  examples        letsencrypt-auto-source  LICENSE.txt           README.rst        tests                             Vagrantfile
[email protected]:~/letsencrypt# ./letsencrypt-auto --apache
Bootstrapping dependencies for Debian-based OSes...

<...snip...>

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/doyler.net/fullchain.pem. Your cert will
   expire on 2016-07-29. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you lose your account credentials, you can recover through
   e-mails sent to dev [at] doyler.net.
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Let's Encrypt - Complete

If you notice in the screenshot though, I did mess up by not including the www. initially, which caused some problems with the cert not matching the URL (due to my rewrite). That said, I regenerated the cert for www.doyler.net and removed the one without the www. and it solved that problem.

As you can see in the top corner now, the SSL cert worked and all major browsers trust it!

Let's Encrypt - Verified

Additionally, I ran the site through an SSL test to make sure that everything was sound, and it came back with flying colors.

Let's Encrypt - SSL Test

The last thing I did was setup my http.conf to redirect all traffic to the SSL site, to force all traffic to be encrypted.

[email protected]:/etc/apache2/sites-available# cat 000-default.conf
<VirtualHost *:80>
        ServerName www.doyler.net
        ServerAdmin [email protected]
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^www\. [NC]
        RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

2 Comments

  1. Hello!

    Thanks for this info, but for info: Google does not handle Norwegian domains by the moment…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM