Add SSL Certificates chapter

martpie · martpie · commit dfc2dc3f8997 · 2019-08-26T13:18:40.000+02:00
diff --git a/1.ssh_connection.md b/1.ssh_connection.md
@@ -36,7 +36,7 @@ This connection method has a big problem though:
 - open your bash history `cat ~/.bash_history`
 - look at the last line
 
-> 🃏 Hints
+> 🃏 hints
 >
 > - press `ctrl+D` to log out
 > - if you are using ZSH: `cat ~/.zsh_history`
diff --git a/5.ssl_certificates.md b/5.ssl_certificates.md
@@ -1 +1,78 @@
 # 5. SSL Certficates
+
+When we connect to a web server, we send packets of data to it. By default, with HTTP, those packets are readable (and sometimes editable) by people between you and the server.
+
+> 📖 Resources
+>  
+> - https://en.wikipedia.org/wiki/Man-in-the-middle_attack
+
+SSL certificates allow your browser to communicate with any server with no fear of someone being able to intercept your communications.
+
+Technically, a certificate is a document proving the ownership of an encryption key.
+
+> ⚠️ warning
+>
+> a frequent misconception with SSL certificates is they can prevent pirates from doing harm to you. SSL certificates is about **securing your communications** with a server, **it does not guarantee that the server has good intentions**
+
+## 5.1 Certbot and nginx
+
+Setting up SSL certificates manually is extremely complicated to get right. Hopefully, amazing guys created tools allowing us to install certificates easily on servers.
+
+Also, SSL certificates used to be paid (and expensive), but thanks to services like [Let's Encrypt](https://letsencrypt.org/), we can get simple SSL certificates for free. Some advanced SSL certificates are still paid.
+
+Certbot (create by the EFF) automates SSL certificates installation on most operating systems and web servers.
+
+### 5.1.1 Installation
+Let's tell our server where to look for `certbox`
+
+```bash
+apt update
+apt install software-properties-common
+add-apt-repository universe
+add-apt-repository ppa:certbot/certbot
+apt update
+```
+
+and let's install it:
+
+```bash
+apt install certbot python-certbot-nginx
+```
+
+### 5.1.2 Setup
+
+Before everything, we should `nginx` to listen to a specific domain name:
+
+```bash
+nano /etc/sites-enabled/<something>
+```
+
+and replace `server_name: _` by `server_name: <domain.tld>`. Then restart `nginx` (and check the domain name works).
+
+Then, let's run `certbot`:
+
+```bash
+sudo certbot --nginx
+```
+
+> 🃏 hints
+>
+> - use the domain you have linked to this server's IP
+
+### 5.1.3 Test
+
+Go to `https://<host>`, you should see a green lock on your browser.
+
+Let's also test that the auto-renewal works:
+
+```bash
+certbot renew --dry-run
+```
+
+> ℹ️ information
+>
+> Let's Encrypt certificates are only valid 90 days and need to be renewed at this interval. Thanksfully, certbot automates it for us by creating a Cron job.
+
+---
+
+We got HTTPS working, [let's deploy something real](6.deployment.md) now!

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ This connection method has a big problem though:`
`36`	`36`	- open your bash history `cat ~/.bash_history`
`37`	`37`	`- look at the last line`
`38`	`38`
`39`		`-> 🃏 Hints`
	`39`	`+> 🃏 hints`
`40`	`40`	`>`
`41`	`41`	> - press `ctrl+D` to log out
`42`	`42`	> - if you are using ZSH: `cat ~/.zsh_history`