1
00:00:00,630 --> 00:00:07,960
In this lesson we'll be securing each of our domains with SSL using Let's encrypt let's encrypt is a

2
00:00:07,970 --> 00:00:13,500
free easy to use SSL certificate that can be installed within a few simple steps.

3
00:00:15,030 --> 00:00:21,150
Back in terminal we need to install the cert bot software on our server to do so.

4
00:00:21,150 --> 00:00:27,060
Type in the following command once you've finished typing in this command press Enter

5
00:00:33,510 --> 00:00:35,060
press enter to continue.

6
00:00:40,520 --> 00:00:44,920
Now install cert boughts Apache package using the APTA method.

7
00:00:44,920 --> 00:00:47,180
So Type in this command and press enter

8
00:00:51,940 --> 00:01:09,650
type in Y at the prompt.

9
00:01:09,900 --> 00:01:15,600
In order for cert but to automatically configure SSL it needs to be able to find the correct virtual

10
00:01:15,600 --> 00:01:19,970
hosts file for each domain in the Apache configuration.

11
00:01:20,170 --> 00:01:26,520
Since we already set up our virtual host directives we can go ahead and obtain our SSL certificates.

12
00:01:27,010 --> 00:01:29,720
There's actually two ways of doing this.

13
00:01:29,740 --> 00:01:35,710
Typically if you already have your domains configured you can register a certificate for all the domains

14
00:01:35,710 --> 00:01:39,420
at once and the syntax for this would be as follows.

15
00:01:41,700 --> 00:01:51,490
As you can see we have each domain name including its w w w prefix in the command line.

16
00:01:51,540 --> 00:01:59,120
So each domain name is precedes the dash d Flegg.

17
00:01:59,300 --> 00:02:04,400
And so if you had five or 10 or however many domains you could plug them all in at once over here to

18
00:02:04,400 --> 00:02:05,270
save time.

19
00:02:06,420 --> 00:02:12,030
However most of the time you'll be adding certificates periodic as you register additional domains or

20
00:02:12,030 --> 00:02:13,670
take on more clients.

21
00:02:13,740 --> 00:02:16,600
In the case where you're running a hosting company.

22
00:02:16,710 --> 00:02:22,050
So for this reason we'll register each certificate separately as you would normally do in the course

23
00:02:22,050 --> 00:02:23,020
of business.

24
00:02:24,160 --> 00:02:28,290
So let's go ahead and start with our first domain.

25
00:02:28,670 --> 00:02:41,420
You're going to type this command here.

26
00:02:41,870 --> 00:02:45,680
You're going to replace example dotcom with your Doumit with your first domain name

27
00:02:49,310 --> 00:02:53,400
once you finished that double check that you've entered the correct domain name.

28
00:02:54,320 --> 00:02:56,240
You don't want to make any mistakes here.

29
00:03:00,990 --> 00:03:06,160
And go ahead and press enter.

30
00:03:06,300 --> 00:03:10,950
Now it's going to ask you for an e-mail address just for administrative purposes so you can go ahead

31
00:03:10,950 --> 00:03:11,820
and enter that in

32
00:03:18,200 --> 00:03:31,110
you have to agree to the terms of service so type in eight and press enter.

33
00:03:31,150 --> 00:03:37,140
Now it's asking if we'd be willing to share the email address with the Electronic Frontier Foundation.

34
00:03:37,470 --> 00:03:51,720
I'll just go ahead and select no.

35
00:03:51,800 --> 00:03:53,670
This is an important question.

36
00:03:53,900 --> 00:04:01,200
It's asking do you want to redirect all requests to the HTP version of your web site.

37
00:04:01,350 --> 00:04:08,930
Now typically you do want to do this if somebody types in w w w dot your domain dot com or types in

38
00:04:08,930 --> 00:04:12,140
your domain without the W.W. prefix.

39
00:04:12,260 --> 00:04:19,760
Whatever the case may be we want all requests to redirect to the HTP s version of our Web site if for

40
00:04:19,760 --> 00:04:24,600
any reason you don't want that then you're going to enter one here and press enter.

41
00:04:25,100 --> 00:04:35,530
But if you do want that you're going to type in to and you're going to press enter.

42
00:04:35,550 --> 00:04:36,360
OK so perfect.

43
00:04:36,360 --> 00:04:42,690
As soon as you finish that the congratulations method your certificate and chain have been saved at

44
00:04:43,920 --> 00:04:49,290
and then it gives you the directory and file name in a second.

45
00:04:49,290 --> 00:04:55,250
We will upload our domain on our in our web browser again just to make sure that it is secure.

46
00:04:55,380 --> 00:04:59,160
Make sure that the SSL lock is present.

47
00:04:59,280 --> 00:05:04,540
But before we do that let's go ahead and create the certificate for our second domain as well.

48
00:05:09,400 --> 00:05:12,310
So again you're going to use the same command

49
00:05:15,960 --> 00:05:16,600
and press ENTER

50
00:05:33,230 --> 00:05:39,080
since we've already configured the administrative e-mail for our server we don't it's not going to prompt

51
00:05:39,080 --> 00:05:40,100
us for that again.

52
00:05:42,060 --> 00:05:48,900
All we have to do is decide whether we want to redirect all traffic for this domain to the HGP version

53
00:05:48,960 --> 00:05:50,060
of the site.

54
00:05:50,580 --> 00:05:58,800
So once again we do so when enter to and press ENTER OK perfect so we now have both our certificates

55
00:05:58,800 --> 00:06:04,820
installed for each separate domain and all we have to do is test to make sure that it's working.

56
00:06:05,870 --> 00:06:15,880
Since we're accessing the first domain through a proxy service the secure message here that is not relevant

57
00:06:15,940 --> 00:06:19,290
to our SSL certificate for the first domain.

58
00:06:19,300 --> 00:06:29,210
We will have to wait till the DNS propagates in order for us to view our SSL certificate over here in

59
00:06:29,260 --> 00:06:31,050
the secure message area.

60
00:06:34,070 --> 00:06:39,890
But since our second domain works we can certainly test that out and you can see over here that it is

61
00:06:39,890 --> 00:06:41,140
labeled secure.

62
00:06:41,270 --> 00:06:48,650
And that means that our certificate is valid and you can see here that it's issued by the let's encrypt

63
00:06:48,650 --> 00:06:53,400
authority so everything is in order.

64
00:06:53,480 --> 00:06:57,910
So I just tried the first domain again in case it has propagated perfect.

65
00:06:57,940 --> 00:07:00,400
Ok so now it has propagated.

66
00:07:00,400 --> 00:07:04,930
So it took probably around 10 minutes.

67
00:07:04,990 --> 00:07:06,640
So sometimes it's fairly quick.

68
00:07:08,290 --> 00:07:12,130
And you can see that the first domain is secure as well

69
00:07:15,600 --> 00:07:19,160
here's the certificate again issued by encrypted authority.