Well, that was easy. It just took me about five minutes to get this website going with a free SSL/TLS certificate using Let's Encrypt as the certificate authority. LucasCosti.com now has a padlock! 😀
Side note: here's a nice post explaining the confusing terminology of SSL vs. TLS, and I like Google's approach of sticking to HTTPS, where possible.
My host (Zuver, a VentraIP subsidiary) made the process of generating a Let's Encrypt certificate ridiculously easy. It was pretty much just logging into their admin portal and clicking a button for the domain.
The only things that were left to do were to change a few WordPress settings, correct a few URLs in my theme, and finally insert an Apache .htaccess rewrite rule (shown below) to redirect all requests to their HTTPS equivalent.
    # rewrite rule for TLS enforcement:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I think Let's Encrypt is a great initiative, as it provides a way for people like myself (who have no interest in forking over money for a certificate for a personal blog) to enable HTTPS encryption on my domains for no cost and very little effort.
I'll have to see how the certificate renewal works after the 90-day expiry; it should be automatic, but I'm not 100% sure.
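One way to keep an eye on both the redirect and the renewal is a small check script. This is an added example, not code from the original post; the function names and the 30-day `RENEW_WARN_DAYS` threshold are assumptions chosen for illustration.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

RENEW_WARN_DAYS = 30  # assumed alert threshold, not a value from the post


def days_until_expiry(not_after, now=None):
    """Whole days left on a certificate, given its notAfter field in the
    format returned by getpeercert(), e.g. 'May 30 12:00:00 2030 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def redirect_enforces_https(status, location, host):
    """True if a plain-HTTP response permanently redirects to https:// on the same host."""
    if status not in (301, 308) or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and target.hostname == host.lower()


def check_site(host, timeout=10):
    """Live check (needs network access): returns (redirect_ok, days_left)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    redirect_ok = redirect_enforces_https(resp.status, resp.getheader("Location"), host)
    conn.close()
    # The default context validates the chain and hostname, so an expired
    # or mismatched certificate raises ssl.SSLError here instead of passing.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
    return redirect_ok, days_until_expiry(not_after)


if __name__ == "__main__":
    import sys
    ok, days = check_site(sys.argv[1])
    print(f"redirect to HTTPS: {ok}; certificate days left: {days}")
    sys.exit(0 if ok and days > RENEW_WARN_DAYS else 1)
```

Run from cron with the domain as the only argument, a non-zero exit status means either the redirect is missing or the certificate has not been renewed within the threshold.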
Let me know if you spot any issues!