Getting a free SSL certificate for my Ghost blog using letsencrypt and certbot

Ghost editor using encryption
For some time I have been worried about the risk of someone snooping my username and password for editing my home-run Ghost blog.
If someone got hold of my username and password, they would be able to post on the blog. Not a good thing, right?!

My blog is running on the Ghost blogging-platform, hosted on my personal CentOS Linux server.
Ghost uses NodeJS for the internals, and between the browser user and NodeJS, I have the Apache HTTP server.

I have just enabled SSL on the blog, and it was extremely easy. Total work time was just under an hour.

I used the free Certbot tools and the free letsencrypt certificate authority.

So a quick overview of what needs to be done to get it working:

  • Allow HTTPS traffic in any firewalls involved - to the web server
  • Enable EPEL on CentOS Linux
  • yum install certbot-apache
  • certbot -apache
  • Answer a few questions

After this, the server is running your site with HTTPS.

You should create a daily cron job that will renew the certificate(s).
I just created a file in /etc/cron.daily/certbotrenew
containing

  • certbot renew