Let's Encrypt

Online privacy has become a hot topic and an ever-increasing number of people are starting to care about it. The VPN business is booming as users want to hide their identity and some of the most popular web browser extensions are designed to provide anonymity.

Why should I care?

Richard Stallman pays cash only for books as he doesn’t want his purchases to be tracked by online stores like Amazon. Most may find this extreme behaviour but it highlights an important fact:

Almost everything you do online is being tracked by somebody.

Your data is valuable and it is being used to improve services. However, it’s probably also being used for far more disturbing purposes.

So why should you, a law abiding citizen, care about online privacy if you have nothing to hide?


Why do you use the bathroom with the door closed or swim with a bathing suit on? There are activities online that some people want to keep to themselves for fear of ridicule and they should be free to do so.


Anonymity allows criminals to be exposed without jeopardizing the safety of those exposing them.

Your behaviour changes under supervision

Everybody has activities that they wouldn’t do with other people around. Everybody.

Okay, I care. What can I do?

The Electronic Frontier Foundation have an excellent article containing steps to secure your privacy online.

In this post I want to focus on a subsection of step eight:

8) Be conscious of web security.

Never submit a credit card number or other highly sensitive personal information without first making sure your connection is secure (encrypted).

In any browser, look at the URL (Web address) line - a secure connection will begin “https://” instead of “http://”.

If you get an error message that the page or site does not exist, this probably means that the company is so clueless - and careless with your information and your money - that they don’t even have Web security. Take your business elsewhere.


HTTPS is the secure version of HTTP - the protocol that the internet uses to send data between your browser and the website you are interacting with. With HTTPS, all transmitted data is encrypted by default which makes it ideal for protecting confidential online communications like banking transactions. If HTTP was used instead, anybody who intercepted your communications could read your banking transaction in plain text.

In addition to secure messaging, HTTPS allows visitors to your website to verify that you own the domain and that you are a trusted entity. This is particularly important for businesses who are selling goods or services online.

In the past it was difficult and expensive to set up your websites to use HTTPS. However, this is 2016 and we now have a completely free and open authority to ease the process - letsencrypt.org

There is no longer any excuse to use HTTP over HTTPS if you care about privacy. This is a personal website that doesn’t host, receive or transmit any confidential information whatsoever and I’ve still set it up to use HTTPS. I hope you make that decision too to help make HTTPS the expected protocol everywhere.

How to set up HTTPS on your website using Let’s Encrypt

Here’s how I did it for this domain, which uses the nginx web server. It’s currently much easier if you use Apache due to the tools available.

The following instructions are not universal and may be outdated. Please read the user guide.

Update your operating system.

$ sudo apt-get update && sudo apt-get upgrade

Clone the Let’s Encrypt repository.

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt

Stop nginx.

$ sudo service nginx stop

Generate your SSL certificate.

$ ./letsencrypt-auto certonly --standalone --email gary@garyblackwood.co.uk -d garyblackwood.co.uk -d www.garyblackwood.co.uk

Update your virtual host file at /etc/nginx/sites-available.

server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/garyblackwood.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/garyblackwood.co.uk/privkey.pem;
    # ... the rest of your existing server block ...
}

Start nginx.

$ sudo service nginx start

You will have to regenerate the certificate per domain every 90 days.
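The stop, issue and start steps above can be wrapped in a script that only acts when the certificate is close to expiry. This is an added example, not part of the original post: the 30-day window, the LE_DIR clone location and running it as root are assumptions, and the letsencrypt-auto command is the one from the post, unchanged.

```bash
#!/bin/sh
# Added example: renew only when the certificate is close to expiry.
# Assumptions (not from the original post): the 30-day window, the clone
# location in LE_DIR, and that the script runs as root.

CERT=/etc/letsencrypt/live/garyblackwood.co.uk/fullchain.pem
LE_DIR=${LE_DIR:-/root/letsencrypt}
RENEW_WINDOW_DAYS=30

# Returns 0 (renewal needed) when the certificate file is missing, cannot be
# parsed, or expires within the given number of days; returns 1 otherwise.
needs_renewal() {
    cert=$1
    days=$2
    [ -r "$cert" ] || return 0
    # "openssl x509 -checkend N" exits 0 if the certificate is still valid
    # N seconds from now, non-zero if it will have expired by then.
    if openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

renew() {
    # The standalone authenticator needs the web ports, so nginx must be down.
    service nginx stop
    # Bring nginx back when the script exits, even if issuance fails.
    trap 'service nginx start' EXIT
    "$LE_DIR/letsencrypt-auto" certonly --standalone \
        --email gary@garyblackwood.co.uk \
        -d garyblackwood.co.uk -d www.garyblackwood.co.uk
}

# Act only when invoked with "run", so the functions can be sourced and
# checked without touching nginx.
if [ "${1:-}" = "run" ]; then
    if needs_renewal "$CERT" "$RENEW_WINDOW_DAYS"; then
        renew
    else
        echo "certificate valid for more than $RENEW_WINDOW_DAYS days; nothing to do"
    fi
fi
```

Because the window is well inside the 90-day lifetime, a failed run leaves time to retry before visitors see an expired certificate.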

That was easy. Have fun HTTPSifying your websites!

Gary Blackwood

I write code at SAS and I was part of the Doist team responsible for Todoist.

Before that, I worked at J.P. Morgan Chase after graduating from the University of Glasgow with a BSc Software Engineering.

Software Developer

Glasgow, Scotland