Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Continuing with the theme of improving my website and hosting, I transferred my domain to Google and setup a Let’s Encrypt certificate this past week.
Inputting the domain to transfer to Google was even easier than expected, with a nice entry box on the home page.
Once I entered in my domain name, they told me what steps I would need to take to get it transferred over.
After I got everything filled out and the form submitted, I even received a confirmation e-mail to verify that I did want to transfer the domain.
Once I submitted everything, it took about 5 days to get the domain completely transferred over, and managing it is even easier now.
I would recommend Google as a registrar if you are looking for one though. They are $12/year with free privacy and e-mail forwarding included.
When the domain transfer was complete, I also setup a Let’s Encrypt certificate so that I would have SSL for the logins etc.
As I’m running Apache, I was able to use their auto-installer, which made everything a breeze.
root@wordpress-1gb-nyc1-01:~# git clone https://github.com/letsencrypt/letsencrypt Cloning into 'letsencrypt'... remote: Counting objects: 34858, done. remote: Compressing objects: 100% (22/22), done. remote: Total 34858 (delta 13), reused 0 (delta 0), pack-reused 34836 Receiving objects: 100% (34858/34858), 9.31 MiB | 4.62 MiB/s, done. Resolving deltas: 100% (24761/24761), done. Checking connectivity... done. root@wordpress-1gb-nyc1-01:~# cd letsencrypt/ root@wordpress-1gb-nyc1-01:~/letsencrypt# le less lessecho lessfile lesskey lesspipe let lexgrog root@wordpress-1gb-nyc1-01:~/letsencrypt# ls acme certbot-nginx Dockerfile letsencrypt letsencrypt-nginx linter_plugin.py readthedocs.org.requirements.txt tools certbot CHANGES.rst Dockerfile-dev letsencrypt-apache letshelp-certbot MANIFEST.in setup.cfg tox.cover.sh certbot-apache CONTRIBUTING.md docs letsencrypt-auto letshelp-letsencrypt pep8.travis.sh setup.py tox.ini certbot-compatibility-test docker-compose.yml examples letsencrypt-auto-source LICENSE.txt README.rst tests Vagrantfile root@wordpress-1gb-nyc1-01:~/letsencrypt# ./letsencrypt-auto --apache Bootstrapping dependencies for Debian-based OSes... <...snip...> IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/doyler.net/fullchain.pem. Your cert will expire on 2016-07-29. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - If you lose your account credentials, you can recover through e-mails sent to dev [at] doyler.net. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal. - If you like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
If you notice in the screenshot though, I did mess up by not including the www. initially, which caused some problems with the cert not matching the URL (due to my rewrite). That said, I regenerated the cert for www.doyler.net and removed the one without the www. and it solved that problem.
As you can see in the top corner now, the SSL cert worked and all major browsers trust it!
Additionally, I ran the site through an SSL test to make sure that everything was sound, and it came back with flying colors.
The last thing I did was setup my http.conf to redirect all traffic to the SSL site, to force all traffic to be encrypted.
root@wordpress-1gb-nyc1-01:/etc/apache2/sites-available# cat 000-default.conf <VirtualHost *:80> ServerName www.doyler.net ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory /var/www/html/> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L] </VirtualHost>
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
2 Comments
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Hello!
Thanks for this info, but for info: Google does not handle Norwegian domains by the moment…
Ah, I hadn’t tried one of those yet…that’s too bad. Hopefully soon!