crispgm.com has enabled HTTPS as its default protocol, with the power of Let’s Encrypt.
When properly configured, an HTTPS connection guarantees three things:
Confidentiality. The visitor’s connection is encrypted, obscuring URLs, cookies, and other sensitive metadata.
Authenticity. The visitor is talking to the “real” website, and not to an impersonator or through a “man-in-the-middle”.
Integrity. The data sent between the visitor and the website has not been tampered with or modified.
A plain HTTP connection can be easily monitored, modified, and impersonated.
Quoted from https://https.cio.gov/faq/#what-information-does-https-protect?
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
Contribute to letsencrypt on GitHub.
https://github.com/ietf-wg-acme/acme
https://github.com/letsencrypt/acme-spec
Boulder is an ACME-based CA, written in Go.
https://github.com/letsencrypt/boulder
https://letsencrypt.readthedocs.org/
As letsencrypt-nginx is not fully developed, I chose certonly to generate the SSL certificate and configured nginx manually.
./letsencrypt-auto certonly --webroot -w /path/to/webroot --email admin@example.com -d example.com
Configure nginx.conf
ssl_certificate /etc/letsencrypt/live/crispgm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/crispgm.com/privkey.pem;
ssl_session_timeout 1440m;
Other settings are left at their defaults.
Let’s Encrypt CA issues short-lived certificates (90 days). Make sure you renew the certificates at least once every 3 months.
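One way to tell when renewal is due, as an added example that is not part of the original post: the script reads the certificate's notAfter date with openssl and compares it with a renewal window. The 30-day window, the function names and the script name check-renewal.sh are assumptions, and GNU date is required.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU date and openssl.
# Assumed policy: renew once fewer than 30 days of the 90-day lifetime remain.
RENEW_BEFORE_DAYS=30

# days_left NOT_AFTER [NOW_EPOCH]
# NOT_AFTER is the date printed by `openssl x509 -noout -enddate`, e.g.
# "Mar 31 00:00:00 2016 GMT". Prints the whole days remaining.
days_left() {
    # GNU date parses an empty string as "today", so reject it explicitly.
    [ -n "$1" ] || return 2
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# renewal_due NOT_AFTER [NOW_EPOCH]
# Exit 0: renewal is due. Exit 1: not yet. Exit 2: date could not be parsed.
renewal_due() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -lt "$RENEW_BEFORE_DAYS" ]
}

# check_cert PEM_FILE
# Reads the expiry of the first certificate in the file (the leaf, for
# fullchain.pem) and reports whether it should be renewed.
check_cert() {
    not_after=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2)
    rc=0
    renewal_due "$not_after" || rc=$?
    case $rc in
        0) echo "$1: renewal due (expires $not_after)" ;;
        1) echo "$1: still valid (expires $not_after)" ;;
        *) echo "$1: could not read expiry date" >&2 ;;
    esac
    return "$rc"
}

# Run only when a certificate path is given, e.g. from a daily cron job
# (check-renewal.sh is a hypothetical file name):
#   sh check-renewal.sh /etc/letsencrypt/live/crispgm.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

When the script reports that renewal is due, rerun the certonly command shown above and reload nginx so it serves the new certificate files.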
Actually, crispgm.com is a fully static site. There is almost no difference in performance. :D
Safe journey on crispgm.com :)