Well, that was easy. It just took me about five minutes to get this website going with a free SSL/TLS certificate using Let's Encrypt as the certificate authority. LucasCosti.com now has a padlock! 😀

Side note:  here's a nice post explaining the confusing terminology of SSL vs. TLS, and I like Google's approach of sticking to HTTPS, where possible.

My host (Zuver, a VentraIP subsidiary) made the process of generating a Let's Encrypt certificate ridiculously easy. It was pretty much just logging into their admin portal and clicking a button for the domain.

The only things that were left to do was to change a few WordPress settings, correct a few URLs in my theme, and finally insert an Apache .htaccess rewrite rule (shown below) to redirect all requests to their HTTPS equivalent.

#rewrite rule for TLS enforcement:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I think Let's Encrypt is a great initiative, as it provides a way for people like myself (who have no interest in forking over money for a certificate for a personal blog) to enable HTTPS encryption on my domains for no cost and very little effort.

I'll have to see how the certificate renewal works after the 90 day expiry; it should be automatic, but I'm not 100% sure.

Let me know if you spot any issues!