A Bot Everyone Likes!

There are a lot of bad bots out there.  For example, Mirai, Brobot, or even zombie bots are wreaking havoc across all industries.  There’s also the “not so bad” bots.  These are things like aggregators Mint, Yoodlee, and others that run on behalf of a human.

Well these aren’t the type of bots we are talking about today.  Nope, we are talking about a friendly bot that helps keep the internet safe.

The best way to secure the internet to allow for confidentiality / non-repudiation is through encryption and digital signatures. And one the easiest ways to accomplish this is is through Certbot.

If you are unfamiliar with Certbot it is a free to use certificate obtaining and deployment technology.  It’s the easiest way to enable HTTPS for your website. Certbot allows for quick DV (domain verification) certificates through Let’s Encrypt! as the CA.  Did I mention its free to use?

The first step to using Certbot is to install the package. If using Debian packages just type:

“Sudo add-apt-repository ppa:certbot/certbot”

Then run:

“apt-get update”.

Finally for Apache run:

“sudo apt-get install python-certbot-apache”.

After that you’ll be ready to fetch and deploy certificates. In your CLI if you needed a certificate for example.com then use “./certbot-auto –apache -d example.com – d”.

That’s it! You’ll be guided the rest of the way there for full certification provisioning.  Certbot provides additional flexibility with support for OCSP (Online Certificate Status Protocol) as well as for ACME(Automated Certificate Management Environment) protocol.

Certbot also has pretty good support for Apache.  For example it’ll try to auto config redirects i.e. redirecting HTTP to HTTPS.  While I’m sure the success rate is high for the auto configuration in our experience it’s best to manage redirects through configuration files.

To perform a redirect simply open your .htaccess

“cd /var/www/html/”

Run

“sudo vi .htaccess”

Update .htaccess with:

“RewriteCond %{HTTPS} =on”

“RewriteRule ^(.*)$ https://www.example.com/$ [R=301, L]”

It’s important to note that Certbot is supported by the EFF. Electronic Frontier Foundation. EFF goal is to encrypt the Internet and Certbot helps make that easy.  From EFF, “The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world.”

So if you are looking for a way to enable HTTPS quickly and need a certificate whose root is trusted by browsers then Certbot is for you.  https://certbot.eff.org