Step by Step Tutorial Webfaction Website http to https

Share this :

Webfaction provides awesome service for Web hosting . I have many Websites hosted via Webfaction , however until now all my websites were http websites i.e. i was able to access my website using http://versionpb.com but not using https i.e. http://versionpb.com . To know more on what is http and https please read following links :

http
https

To make your website https supported we need to have SSL certificates and all the SSL certificates used to be paid sometime ago but as of now there are many ways to get https certificates for free .After doing a lot of research I finally understood that Lets Encrypt is an awesome way to achieve this for free .

I love Lets encrypt and you can read more about it here : Lets Encrypt

I am writing this post to provide step by step procedure to make your webfaction website from http to https . Its really easy and takes around 15 to 20 minutes . Lets Start :

Open Control Panel of your Webfaction Account
Click Domain/Websites from Menu
Click Applications from Sub menu under Domain/Websites
Click Add new Application
Give your Application a name for my case I gave name as ssl_redirect_versionpb
Select App Category as PHP
Select App type as Static/CGI/PHP-7.0
Click Save

Create New Application in Webfaction
Navigate to Websites in Webfaction control panel i.e. Click on Websites Sub-Menu under Domain/Websites Menu
Make a Exact copy of Existing http website and Enable https on it In this tutorial i am assuming that you already have a website configured in Webfaction and have both www and non-www website configured . In case you dont know how to do redirect from non-www to www . Please read it here .If you are not sure how make exact copy of your existing http website use below steps :
1. Click on Add New Website
2. Choose Name as lets say for https//versionpb.com use https_www_versionpb
3. For Security Select https , by default it will select Shared Certificate
4. In Domain Enter the domain of your Website you created in your real http website for example , for my case I entered www.versionpb.com
5. In Contents Select Reuse an existing application and select the application which you have created for your real Website
6. Click Save
7. Similarly create another Website for https_nonwww_versionpb
  
  Create https Website in Webfaction
At this point you must be having 4 websites as follow :
1. http://versionpb.com
2. http://versionpb.com
3. http://versionpb.com
4. http://versionpb.com
You will notice that your HTTPS website says Security HTTPS, using shared certificate. That's OK for now. We'll fix that later.
Open the browser and open your https website , you will notice browser will show security warning , if you click advanced and select continue you will be able to see your website , dont worry we will fix this in a while .

https website warning
Select your HTTP version of your website
Under the Contents section remove your existing application.
Add the new application in the same http website we just created i.e. ssl_redirect_versionpb.
Click Save

http application changes
Now, if you visit your site you will NOT get your usual homepage . Relax thats because We have not done any redirection to HTTPS yet. We will do that now

Usual homepage wont Open
From your local machine open terminal using putty or any other similar tool
In my case as my new app name was ssl_redirect_versionpb , I executed following command . Replace ssl_redirect_versionpb with your application name and execute the below command
vi ~/webapps/ssl_redirect_versionpb./.htaccess
Hit key i (to enter Insert mode and start writing), copy (Ctrl + c) the following text as below
RewriteEngine on

RewriteRule !^.well-known($|/) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
paste it (Ctrl + v) to the opened file (.htaccess).
After pasting, hit the Esc key to exit Insert mode of vi editor
write:wq (this will save the file and quit the vim editor)

Coding Static Redirect
Done with redirection. Now if you visit your site (versionpb.com) you will be redirected to http://versionpb.com, BUT a security warning will arise saying that the site you are trying to visit may be dangerous or so. That's because we are using a shared certificate. Lets fix this

UnSecure https Website
In terminal you must install the terrific acme script. Simply execute the below command in command line of the opened terminal
curl https://get.acme.sh | sh
Everything is done automatically for you (and me!). You should see something "Install success!" at the end of this command execution which means acme is installed successfully.

acme installed successfully
Log out from the terminal and ssh to log back in.
Now you have the command acme.sh available globally. Time to use it.
Before, of course, to request a brand new official certificate from LetsEncrypt, we must request a staging (test) certifiacte, in order to be sure that everything is working properly. Execute the below command : where substitute versionpb.com with your website name and ssl_redirect_versionpb with your app name you created at Step 5
acme.sh --issue --test -d versionpb.com -d www.versionpb.com -w ~/webapps/ssl_redirect_versionpb
If everything worked, you should have 7 files to the path ~/.acme.sh/versionpb.com/ which are (ca.cer, fullchain.cer, versionpb.com.cer, versionpb.com.conf, versionpb.com.csr, versionpb.com.csr.conf and versionpb.com.key). If something is missing, then maybe this is because these are just test certificates and keys. Not usable in production.
Now that everything worked, it's time to issue for the real ones.
Just enter below command where substitute versionpb.com with your website name and ssl_redirect_versionpb with your app name you created at Step 5
acme.sh --issue --force -d versionpb.com -d www.versionpb.com -w ~/webapps/ssl_redirect_versionpb
The above command will fetch the same kind of files (with the same name) but this time this folks are official. Their lifetime is 90 days and LetEncrypt lets you renew your certificates no earlier than 60 days after your last issue. For example, if you issued your certificates today (2017-10-18) then the earlier you can issue them again (renew them) is at 2017-12-17. Of course there is always the option to renew them earlier by using the --force argument , which is added in the command at step 38.
Now go to the SSL certificates from Webfaction Control Panel . Its under Domain/Websites Menu
select Add SSL Certificate
choose Upload Certificate.
This step, you only have to do it once. Give it a name, say mysite_cert

create new certificate in webfaction
copy the contents of ~/.acme.sh/versionpb.com/versionpb.com.cer to a file and the upload it to the Certificate section.
Do the same with the ~/.acme.sh/versionpb.com.key and the Private Key section
finally with the ~/.acme.sh/ca.cer and the Intermediates/bundle section.
All this can be automated as well , so you dont have to create new certificated every 60 days . But i will show that in another post
Go to your websites in Webfaction Control Panel . Its under Domain/Websites Menu
choose the HTTPS version of your domain.
Under the "Security" section, "Choose a certificate" dropdown menu
choose the certificate you created as in step 43 (not the "Shared certificate", of course).
Click Save
Done . Now after DNS propagation i.e. after 3-4 minutes go ahead and try following links ( replacing your website in place of versionpb )
1. http://versionpb.com
2. http://versionpb.com
3. http://versionpb.com
4. http://versionpb.com
You will notice all these will open using http://versionpb.com without any warning .