Search engines (especially Google) and major browser vendors are really cracking down on insecure sites.
As of mid-2014 Google has openly stated that HTTPS is now part of their page rank algorithm. Simply put, insecure sites being served over HTTP will rank worse than secure sites being served over HTTPS.
If that's not bad enough...
It won't take long until all insecure sites are seen as being malicious and untrustworthy, even if you're technically not doing anything wrong. Although honestly, I would classify not securing your site as doing your visitors a disservice.
But it gets worse...
That's because insecure sites transmit all data over plain text. This makes your visitor's data sensitive to man in the middle attacks, which in turn could be a disaster for both your audience and yourself.
Remember, most people using your site aren't tech savvy, and don't understand that by logging into an insecure site they are leaking sensitive data. If their account gets compromised, guess who they're gong to blame? Yep, your site.
It's your responsibility as a site owner to protect your visitors from such attacks...
1. Let's Encrypt is its own certificate authority, meaning it has been white listed by major browsers to offer trusted SSL certificates. Most other SSL certificate vendors are just re-sellers who leech off other certificate authorities because it's very difficult to become a trusted certificate authority.
2. Let's Encrypt allows you to issue SSL certificates for free. You can issue certificates for let's say: example.com, blog.example.com and admin.example.com for free. Other vendors would charge you $30 / year because you would need 3 separate certs (sub-domains need their own cert).
3. Let's Encrypt allows you to automate verifying and renewing your SSL certificates and doesn't require setting up any billing details. Other SSL vendors require you to manually renew each individual certificate on a yearly basis, and also keep your billing information up to date.
4. Let's Encrypt open sourced all of their tools and has a vibrant community built around it. Other SSL vendors keep everything behind closed doors and force you to use their difficult to use website because it's beneficial to them (example: they charge you certificate revoke fees if you mess up).
5. In 1 year, Let's Encrypt went from having 4+ million active SSL certificates to 40+ million active certs and their growth is exploding. Other SSL vendors are simply not issuing as many certs because people are beginning to realize they don't need to get price gouged to secure their site.
What about Golang, Phoenix and anything else? That's ok, they will work too. I ran out of logo space!
My favorite thing about this course was the all-in-one script that Nick put together for managing my SSL certificates. All I had to do was edit and run it. Also, I'm just starting out as a freelancer and being able to offer HTTPS as a feature is going to let me charge more for my services. Thanks Nick!
I've been using Let's Encrypt since it first went live in early 2016.
I'm a self taught full stack developer who has been learning and working as a freelance consultant for the last 20 years. The battle hardened configs used in this course are what I've personally used and tweaked from real world experience.
Nick has always been quick to respond to my questions. I've never had a message fall through the cracks with Nick. He has become an invaluable mentor.
Nick is working around the clock answering questions. I encourage everyone to learn from Nick.
Nick is an awesome teacher who is always available to answer your questions in a kind and timely manner.
|1. Course Introduction and Preparation||15 minutes|
|1.2 Course Roadmap|
|1.3 Meet Your Instructor|
|1.4 Download This Course's Resources|
|1.5 Get Set up with SSH and SCP|
|2. Understanding HTTPS and SSL Certificates||20 minutes|
|2.1 Why You Should Protect Your Site with HTTPS|
|2.2 Visualizing how SSL Certificates Work|
|2.3 3 Different Tiers of SSL Certificates|
|2.4 SAN vs Wildcard SSL Certificates|
|3. Setting up a Server with DigitalOcean||15 minutes|
|3.1 Why I Picked DigitalOcean|
|3.2 Creating a Droplet|
|3.3 Connecting to Your Droplet Over SSH|
|3.4 Copying the Course Material to Your Server|
|4. Installing and Configuring nginx for A+ SSL Ratings||30 minutes|
|4.1 Getting nginx Installed and Confirm It Works|
|4.2 Creating a Custom Website|
|4.3 Configuring nginx to Serve a Website|
|4.4 Generating Self Signed SSL Certificates|
|4.5 Configuring nginx for A+ SSL Ratings|
|5. Associating a Domain Name to Your Server||15 minutes|
|5.1 Follow Along for Free without a Domain Name|
|5.2 A Crash Course in DNS|
|5.3 How to Pick a Good Domain Name Registrar|
|5.4 Updating Your DNS Records|
|6. Getting Let's Encrypt Working and Automated||45 minutes|
|6.1 What Is Let's Encrypt?|
|6.2 Visualizing how Let's Encrypt Works|
|6.3 Moving a Few Scripts to Their Correct Paths|
|6.4 Accepting Challenges with nginx|
|6.5 Going Over the Issue SSL Certificate Script|
|6.6 Adjusting nginx and Verifying Our Site Works|
|6.7 Automating Certificate Renewal with a Cronjob|
|7. Applying Let's Encrypt to Other Examples||20 minutes|
|7.1 Configuring nginx to Secure Multiple Domains|
|7.2 Configuring nginx to Secure Any Web App|
|7.3 Configuring Apache for A+ SSL Ratings|
|8. Where to Go Next||5 minutes|
|8.1 Destroying Your DigitalOcean Droplet|
|8.2 Congrats on Finishing This Course|
|8.3 Developing and Deploying Web Apps|
You can spend days on your own reading the documentation and source code for Let's Encrypt's certbot script or one of the many other third-party libraries, and then spend more time generating and setting up the script to work on your site and maybe create a work flow through trial and error.
Or you can get this course, learn how to use Let's Encrypt within a few hours, and gain an easy work flow that you can use for all future projects. Through a simple cost-benefit analysis, I think most would agree that spending a few dollars on the course would save them money because the days that they would otherwise spend on learning and setting up Let's Encrypt are days that they can’t spend on working on clients' projects, personal projects, etc.
Sometimes it's good to experiment and learn through making mistakes, but when your app's security is at stake, it’s best to do it right the first time.
|Here's What You'll Get|
|Download and Stream 1080p HD DRM-free Videos|
|Lifetime access to all 8 Sections|
|Lifetime access to all 35 Video Lectures|
|~3 Hours of Content|
|Production ready configs and scripts that are ready to use|
|Reference guide in text form|
|English closed captions to follow along without audio|
|Word for word transcripts that are text searchable|
|Private forums to ask questions and get answers|
|24 / 7 support so you don't get stuck|
|$10 in DigitalOcean hosting credits to follow along|
|Free updates for life|
|365 day money back guarantee, 100% risk free|
| Get the Course | |
Looking for a team license discount or personalized training? Contact me at email@example.com.
Improving security is always a request that my clients have. At my day job I play the role of marketing director but I also do freelancing on the side and securing WordPress sites is something I always wanted to learn how to do.
I'll admit, for someone who isn't technically a web developer, I found the course challenging but Nick's explanations made things as clear as I could have asked for. For those of you who might not be developers yourself, you should know that this course is well organized and approachable. Also, having the ability to reach out for support made this course a no brainer decision.
Thanks Nick. In the end I was able to secure my WordPress site, and now I know I can repeat the process.
Years of experience and best practices condensed into a few hours.
Instead of spending hundreds of hours furiously Googling around on your own while you second guess every decision, you can sit back and relax while someone who has been in the trenches for 2 decades provides you working solutions. It's like getting instant access to a private consultant.
There's also all of the money you'll save by not having to buy and renew SSL certificates every year, but more importantly you're getting a fully automated solution so you don't have to worry about your site breaking out of the blue because you accidentally forgot to renew an SSL certificate.
This could be Hostgator, Bluehost or any other non-VPS host
Realistically no and that's because most shared hosting providers only allow you to upload pre-made SSL certificates to their control panel. This is a very clumsy solution.
However, it's worth mentioning that if you use your shared hosting provider's VPS plan, then this course may work great for you but you'll want to double check with their tech support first. You'll need root SSH access to a server running Ubuntu 16.04 or CentOS 7.3 (but you could always use a different Linux distro once you're familiar with what you need to do).
You can also use any VPS or cloud hosting provider you want. Personally I'm a fan of DigitalOcean (which is what we use in this course), but by all means, please continue using whatever you're comfortable with.
If you're just getting into deploying web sites or web applications onto a server then you'll get a ton of value from this course because you'll see how to do it from start to finish.
The SSL configuration is done at the nginx or Apache level.
Rather than try to implement SSL with each individual web framework, you only have to implement it once with nginx or Apache and then your website or web application can continue doing its thing without ever knowing about SSL, even though it's still protected. It's a huge win (and secure).
nginx and Apache are the most popular web servers in the world and they can each do a number of things very well, but here's what you'll learn to do in this course (with both):
2. Forward traffic to any popular web framework such as Rails, Express, Flask, Django, WordPress and so on. This is labeled as a "reverse proxy" and it's how you link a web app to nginx or Apache.
You'll even learn how to host more than 1 site or web app on a single server using virtual hosts.
It's so easy that you'll be watching your first video in about 60 seconds.
After clicking the get the course button you'll be taken to a form where you'll fill out your name, email and password. Then you'll be asked for your billing details. This creates an account on my platform.
After filling out that short form, you'll be immediately taken to the course back-end where you can either binge watch the entire course in an afternoon, or take it at whatever pace works best for your schedule (you'll have lifetime access).
It's also worth mentioning that I use Stripe or PayPal to process all payments. Your billing details are safely processed and stored on their servers, not mine.
All videos were recorded at 1920x1080 (1080p).
If you stream the videos you'll have an option of watching them at 1080p, 720p or 480p.
This course was recorded with a studio grade microphone and I'm using serious business headphones to edit everything. There are no disgusting mouth noises, or heavy breathing going on in my videos. I'm proud to say this is the highest quality course I've ever produced.
Yes, please make millions off of them!
I want you to walk away being very confident securing websites, but more importantly I also want to give you high quality scripts and configs that you can apply to your own projects.
You have my full permission to use these scripts and config files for any client work you do. So feel free to take one of them and use it as a base for a $10,000 solution that you sell to a client.
The only limitation is that you're not allowed to distribute anything publicly. For example, please don't post them on your GitHub page or any other public location. This goes for any of the course's content!
You have a 365 day money back guarantee, 100% risk free.
I want to make sure you're very happy with the course. The last thing I'm trying to do is trick you into buying something. I only want your money if you found real value from taking the course.
If you're not satisfied, then shoot me an e-mail at firstname.lastname@example.org and I will refund you.