Free Automated A+ Graded SSL Certificates with Let's Encrypt
Learn to secure your website with HTTPS by configuring nginx or Apache, then host it on DigitalOcean using a domain name
- Computer that runs MacOS, Windows or Linux
- Basic understanding on how to use a computer
- Command prompt or terminal basics (tips included to help beginners)
- Ability to SSH into a server (guides included to help beginners)
Learn How to Get a Secure Lock Icon for Your Site
Because Nowadays Hosting an Insecure Site Isn't Good Enough
Search engines (especially Google) and major browser vendors are really cracking down on insecure sites.
Google ranks insecure pages (HTTP) worse than secure pages (HTTPS).
As of mid-2014 Google has openly stated that HTTPS is now part of their page rank algorithm. Simply put, insecure sites being served over HTTP will rank worse than secure sites being served over HTTPS.
Chrome, FireFox and other browser vendors are adding more and more visual cues that make even non-technical folks aware that your site is dangerous to view.
It won't take long until all insecure sites are seen as being malicious and untrustworthy, even if you're technically not doing anything wrong. Although honestly, I would classify not securing your site as doing your visitors a disservice.
Insecure sites allow anyone to intercept and read the traffic between your visitors and your site.
That's because insecure sites transmit all data over plain text. This makes your visitor's data sensitive to man in the middle attacks, which in turn could be a disaster for both your audience and yourself.
Remember, most people using your site aren't tech savvy, and don't understand that by logging into an insecure site they are leaking sensitive data. If their account gets compromised, guess who they're gong to blame? Yep, your site.
The good news is, securing your site over HTTPS (with SSL certificates) fixes all of the above problems.
- Search engines will recognize that you care about security and they will rank you higher in organic search results.
- Browser vendors will give you a secure green lock icon next to your domain name in the URL bar (just like this site). That's way better than a scary not secure label!
- Your visitor's browsing activity and data will be encrypted. That means anything your visitors send or receive through your site will be protected from anyone trying to read it. In other words, it's secure.
Let's Encrypt Is the Best Thing Ever for HTTPS
1. Let's Encrypt is its own certificate authority, meaning it has been white listed by major browsers to offer trusted SSL certificates. Most other SSL certificate vendors are just re-sellers who leech off other certificate authorities because it's very difficult to become a trusted certificate authority.
2. Let's Encrypt allows you to issue SSL certificates for free. You can issue certificates for let's say: example[dot]com, blog.example[dot]com and admin.example[dot]com for free. Other vendors would charge you $30+ / year because you would need 3 separate certs (sub-domains need their own cert).
3. Let's Encrypt allows you to automate verifying and renewing your SSL certificates and doesn't require setting up any billing details. Other SSL vendors require you to manually renew each individual certificate on a yearly basis, and also keep your billing information up to date.
4. Let's Encrypt open sourced all of their tools and has a vibrant community built around it. Other SSL vendors keep everything behind closed doors and force you to use their difficult to use website because it's beneficial to them (example: they charge you certificate revoke fees if you mess up).
5. In 1 year, Let's Encrypt went from having 4+ million active SSL certificates to 40+ million active certs and their growth is exploding. Other SSL vendors are simply not issuing as many certs because people are beginning to realize they don't need to get price gouged to secure their site.
What will I be able to do after completing this course?
You'll be able to secure your site with HTTPS using Let's Encrypt. Along the way we'll cover:
- Crash Course on SSL Certificates
- Create a server on DigitalOcean
- Securely host a demo website with nginx and Apache
- Hook up a custom domain name* to your server
- Integrate and automate Let's Encrypt for A+ rated SSL certificates
*Don't worry, you'll still be able to follow along if you don't have a custom domain name.
This course comes with:
- Production ready config files for nginx and Apache
- Works with Rails, Flask, Node, Django, Wordpress or any web framework and website
- A battle hardened script that you can run to secure 1 or more domains at will
- Text based reference guide so you don't have to take your own notes
- 30 day money back guarantee if you don't absolutely love the course
How does it work with all web frameworks?
Rather than try to implement SSL with each individual web framework, you only have to implement it once with nginx or Apache and then your website or web application can continue doing its thing without ever knowing about SSL, even though it's still protected. It's a huge win (and secure).
nginx and Apache are the most popular web servers in the world and they can each do a number of things very well, but here's what you'll learn to do in this course (with both):
2. Forward traffic to any popular web framework such as Rails, Express, Flask, Django, WordPress and so on. This is labeled as a "reverse proxy" and it's how you link a web app to nginx or Apache.
You'll even learn how to host more than 1 site or web app on a single server using virtual hosts.
But is this course worth it?
Instead of spending hundreds of hours furiously Googling around on your own while you second guess every decision, you can sit back and relax while someone who has been in the trenches for 2 decades provides you working solutions. It's like getting instant access to a private consultant.
There's also all of the money you'll save by not having to buy and renew SSL certificates every year, but more importantly you're getting a fully automated solution so you don't have to worry about your site breaking out of the blue because you accidentally forgot to renew an SSL certificate.
What makes this course special?
I've been using Let's Encrypt since it first went live. This course has battle hardened configs and scripts that I have been using and tweaking over the years while I've worked as a self taught full stack developer.
You're not just getting theory and lessons. You're getting production ready solutions that you can apply to your projects.
I've also been a teacher for a number of years and well over 20,000+ people have taken one of my courses.
What kind of support can I expect?
The very best. You can expect hand crafted personal responses to all of your questions that are about this course. Who knows, I may even help you out for slightly off topic questions too!
Here's just a few things that students have said about my support:
Nick has always been quick to respond to my questions. I've never had a message fall through the cracks with Nick. He has become an invaluable mentor. -- Kyle L.
Nick is working around the clock answering questions. I encourage everyone to learn from Nick. -- Ken
Nick is an awesome teacher who is always available to answer your questions in a kind and timely manner. -- Vasco L.
Who this course is for:
- Web developers who want to secure their site
- Anyone who wants to learn how to use Let's Encrypt
- Anyone who wants to understand how SSL certificates work
- Anyone who wants to learn how to set up a server on the cloud
- Anyone who wants to learn how to configure nginx and Apache
- Anyone who wants to learn how to set up a custom domain name
What you will learn
Understand how SSL certificates and HTTPS work
Set up a server on the cloud with DigitalOcean
Securely connect to a server over SSH
Secure a website or web application with both nginx and Apache
Register and hook up a custom domain name to a server
Issue and automatically renew SSL certificates with Let's Encrypt
Configure nginx and Apache for A+ graded SSL ratings with Let's Encrypt
Host more than 1 site or web application on a single server