Achievement unlocked: Padlock

The COVID19 lockdown here in Singapore gave me some time to dig into an issue that has been bugging me about for a while. Since before browsers started indicating sites which don’t use HTTPS it’s been in my to-do list. I looked into it when I first moved the site to AWS but didn’t get it done. So the other day I sat down and figured it out. Wasn’t that hard. I originally thought I would put the SSL on a Elastic Load Balancer on AWS but given that you have to pay for the ELB and this site hardly justifies any infra based on visits… I decided not to worry about the fact that my first try didn’t work and I kept digging into ways to enable HTTPS on the site. In the end I found [] which is dedicated to helping sites move to HTTPS.

I stumbled again trying to follow their simple instructions because their automated tool, certbot [] from the Electronic Frontier Foundation, didn’t know what to do on a Amazon Linux 2 box. It told me I would need to install all the dependencies and such myself and directed me to documentation which was a dead link… (see here: [], nice 404). So… back to Google, or actually DuckDuckGo [] in my case. And after a few permutations of terms I found this tutorial on AWS: Configure SSL on Amazon Linux 2 []. And that worked like a charm.

But still, no padlock…

Screenshot of Chrome address bar showing with "Not Secure" indicator.
HTTPS but no padlock

Lucky Let’s Encrypt directs you to SSL labs‘ [] SSL Server Test page where you can check on your site. A few minutes later the problems were listed on the report page. A couple of hard failures where I was loading things from other sites over HTTP, font libraries from Google. and a bunch of soft failures related to old images what were linked with HTTP not HTTPS. A quick edit of the site header page fixed the Google font libraries link and a quick search and replace on old posts, using the Search Regex plugin (which I installed long ago to fix some other things) and viola! Achievement unlocked, site locked:

Screenshot of Chrome address bar showing with secure indicator icon - a locked padlock.
Shiny new padlock