
Lesson 3: HTTPS & SSL Certificates

Encrypt every connection with Let's Encrypt and understand what TLS actually does

Step 1: HTTP vs. HTTPS
Why encryption matters

| | Port 80 — HTTP | Port 443 — HTTPS |
|---|---|---|
| Security | Unencrypted | Encrypted (TLS/SSL) |
| Data | Readable by anyone intercepting | Private between browser & server |
| Browser | No padlock | Shows padlock icon |
| Required for | Testing only | Logins, payments, SEO, production |

What is TLS/SSL?

Transport Layer Security is a cryptographic protocol that creates a secure tunnel between a browser and a server. It uses public-key cryptography to establish trust, then symmetric encryption to protect the data flowing through that tunnel. The padlock you see in your browser means TLS is active.

Step 2: Install Certbot
The tool that gets free certificates

What is Let's Encrypt?

Let's Encrypt is a nonprofit certificate authority that provides free SSL/TLS certificates. Certbot is the official client that automates the entire process: proving you own the domain, downloading the certificate, configuring Apache, and setting up auto-renewal.

Install Certbot and the Apache plugin

sudo apt install certbot python3-certbot-apache -y
  • certbot is the certificate management tool
  • python3-certbot-apache is the plugin that configures Apache automatically
  • -y automatically answers "yes" to prompts

Step 3: Get Your Certificate
Prove ownership and encrypt your domain

How domain validation works

Let's Encrypt must verify you control the domain. It does this by connecting to your server via HTTP and looking for a specific token file. If it finds it, it issues the certificate. This is why your domain must already be reachable from the internet before you run Certbot.

Run Certbot

sudo certbot --apache -d yourname.duckdns.org
  • Replace yourname.duckdns.org with your actual DuckDNS domain
  • Enter your email when prompted (for renewal notices)
  • Agree to the terms of service
  • Choose whether to share your email (optional)
  • When asked about redirecting HTTP to HTTPS, choose 2: Redirect

What Certbot does automatically

  • Proves you own the domain by connecting to it
  • Downloads an SSL certificate and private key
  • Configures Apache to use the certificate on port 443
  • Sets up automatic renewal (certificates expire every 90 days)
  • Creates an HTTP→HTTPS redirect

Step 4: Verify & Test Renewal
Confirm the padlock and automation

Verify HTTPS

Visit your site with https://:

https://yourname.duckdns.org
  • You should see a padlock icon in the browser address bar
  • Clicking the padlock should say "Connection is secure"
  • HTTP requests should automatically redirect to HTTPS

Test automatic renewal

sudo certbot renew --dry-run
  • This simulates renewal without actually changing anything
  • If it says success, you are set for life — Certbot handles the rest
  • Certbot installs a cron job that checks renewal twice daily
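
To confirm independently that renewal keeps working, the following added example (not part of the original lesson) classifies a certificate by its expiry date and flags it once fewer than 30 days remain, the point at which Certbot's default configuration should already have renewed it. It assumes GNU date and the openssl command-line tool; the function names and the sample date are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lesson). Assumes GNU date and the openssl CLI.
RENEW_WINDOW_DAYS=30   # Certbot's default: renew when under 30 days remain

# Classify a certificate from the "notAfter=..." line that
# `openssl x509 -noout -enddate` prints. The second argument is the current
# time in epoch seconds (defaults to now; passing it makes the check testable).
cert_status() {
  local line="$1" now="${2:-$(date +%s)}" expiry left
  case "$line" in
    notAfter=?*) ;;                       # expected shape
    *) echo "UNKNOWN"; return 2 ;;        # empty or unexpected openssl output
  esac
  expiry=$(date -u -d "${line#notAfter=}" +%s 2>/dev/null) \
    || { echo "UNKNOWN"; return 2; }
  left=$(( expiry - now ))
  if [ "$left" -le 0 ]; then
    echo "EXPIRED"; return 1
  elif [ "$left" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
    # Still valid, but renewal should already have happened.
    echo "RENEWAL_OVERDUE $(( left / 86400 ))"; return 1
  fi
  echo "OK $(( left / 86400 ))"
}

# Fetch the certificate a host actually serves on port 443 and classify it.
check_host() {
  local host="$1" line
  line=$(openssl s_client -connect "$host:443" -servername "$host" \
           </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null)
  cert_status "$line"
}

# Constructed sample input, in openssl's output format:
#   cert_status "notAfter=Jun 30 12:00:00 2025 GMT"
# Live use, with the lesson's placeholder domain:
#   check_host yourname.duckdns.org
```

A RENEWAL_OVERDUE result means the certificate is still valid but the scheduled renewal has not run successfully, which leaves time to investigate before visitors see an expiry warning.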

⚠️ No padlock?

  • Check port 443 forwarding — Your router must forward port 443 to your server.
  • Check Apache config — sudo apache2ctl configtest should say "Syntax OK".
  • Check certificates — sudo certbot certificates shows installed certs.