I was listening the MozPod podcast and there was a couple of podcasts about the need to change to HTTPS with the upcoming Google Chrome change to call out website not using SSL certificates.  So, I did some research with Media Temple about installing SSL certificates.  The easiest way is to purchase a SSL certificate from Media Temple.  It does cost an annual fee.  I heard about options to get a free SSL certificate from Let’s Encrypt.  Media Temple has a support article on how to install a Let’s Encrypt certificate (see references below).

Here are the steps I did on my website hosted at Media Temple using Let’s Encrypt SSL certificates:

  • Generate a  CSR (Certification Signing Request)
    • Log into Account Center at Media Temple
    • Click on domain name
    • Under Alternate Domain Admin, click Manage SSL Certification Options
    • Click Generate CSR
      • enter Common Name
      • enter Country (United State)
      • enter Location
      • enter State
      • enter email
      • Click Generate
  • Use https://gethttpsforfree.com/
    • Connect to Media Temple using SSH
      • enter command “openssl genrsa 4096 > account.key”
      • enter command “openssl rsa –in account.key –pubout”
    • Step 1: Account info
      • copy the public key in Get HTTPS for Free website
      • enter account email
      • Click Validate Account Info
    • Step 2: Certificate Signing Request
      • copy CSR
      • Click Validate CSR
    • Step 3: Sign API Requests
      • Copy three signature command and individual run in SSH
      • Copy the results back
      • Click Validate Signatures
    • Step 4: Verify Ownership
      • run command in SSH and paste output
      • select option 2 for file-based
      • create new folder inside html called “.well-known”
      • create subfolder called “acme-challenge”
      • create file called what is given
      • Add content into this file
      • test by navigating to file to test it.
      • Click “I’m now serving this file on mattwoicik.com
    • copy Signed Certificate and Intermediate Certificate
    • Install at Media Temple
        • Log into Account Center at Media Temple
        • Click on domain name
        • Under Alternate Domain Admin, click Manage SSL Certification Options
        • click Import Certificate
          • copy Signed Certificate to Certificate
          • Copy Intermediate Certificate to CA/Chain Certificate
          • Click Save
        • check Certificate Details
    • Test using button on Get HTTPS for Free website
    • Check certification info by going to https://domain.com

    The next step is to switch all traffic to use HTTPS.  But, I also wanted to redirect all www traffic to non-www.  So, add this to the HTACCESS file.

    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule ^ https://mattwoicik.com%{REQUEST_URI} [L,NE,R=301]

    • Test redirection by going to:
      • http://domain.com
      • http://www.domain.com
      • https://www.domain.com

    References: