The COVID19 lockdown here in Singapore gave me some time to dig into an issue that has been bugging me about Confusion.cc for a while. Since before browsers started indicating sites which don’t use HTTPS it’s been in my to-do list. I looked into it when I first moved the site to AWS but didn’t get it done. So the other day I sat down and figured it out. Wasn’t that hard. I originally thought I would put the SSL on a Elastic Load Balancer on AWS but given that you have to pay for the ELB and this site hardly justifies any infra based on visits… I decided not to worry about the fact that my first try didn’t work and I kept digging into ways to enable HTTPS on the site. In the end I found letsencrypt.org [letsencrypt.org] which is dedicated to helping sites move to HTTPS.
I stumbled again trying to follow their simple instructions because their automated tool, certbot [eff.org] from the Electronic Frontier Foundation, didn’t know what to do on a Amazon Linux 2 box. It told me I would need to install all the dependencies and such myself and directed me to documentation which was a dead link… (see here: letsencrypt.readthedocs.io [readthedocs.io], nice 404). So… back to Google, or actually DuckDuckGo [duckduckgo.com] in my case. And after a few permutations of terms I found this tutorial on AWS: Configure SSL on Amazon Linux 2 [amazon.com]. And that worked like a charm.
But still, no padlock…
Lucky Let’s Encrypt directs you to SSL labs‘ [ssllabs.com] SSL Server Test page where you can check on your site. A few minutes later the problems were listed on the report page. A couple of hard failures where I was loading things from other sites over HTTP, font libraries from Google. and a bunch of soft failures related to old images what were linked with HTTP not HTTPS. A quick edit of the site header page fixed the Google font libraries link and a quick search and replace on old posts, using the Search Regex plugin (which I installed long ago to fix some other things) and viola! Achievement unlocked, site locked: