Blog (and other Qiqitori sites) now accessible via HTTPS

Thanks to Let’s Encrypt, this blog and other sites under the Qiqitori domain are now accessible via HTTPS.

I used to have HTTPS accessibility a couple years ago, but had to open up port 443 for other purposes (circumventing a work firewall). I’ve long left that workplace and since Let’s Encrypt SSL certificates are free, things are back in place now. I’m about one year late to jump on the Let’s Encrypt bandwagon, but that’s mostly because I try to avoid being an early adopter sometimes.

Getting this to work was a whole lot easier than assumed:

nano /etc/apt/sources.list
# insert:
deb http://ftp.debian.org/debian jessie-backports main
# save and exit editor
apt-get update
apt-get install python-certbot-apache -t jessie-backports

# easy option; probably doesn't require manual config editing if your config is straightforward:
certbot --apache
 
# or below command is for people who are familiar with the process (perhaps after having added the first two subdomains):
certbot --apache certonly --domains subdomain.qiqitori.com # requires manual config editing

Don’t worry: as far as I can tell, the only thing certbot does to your config is change the paths to the SSL certificate files. You’ll also be asked which file to edit. So maybe just back up your config file, try the automatic command first, and then inspect the result.

One more thing: this blog is running on WordPress, and apparently image tags (with their src attribute) seem to be hard-linked in the database. I don’t have a lot of articles with images, so I thought I’d just try to fix them manually:

select id from wp_posts where post_status='publish' and post_content like '%src="http://blog.%';

This yielded only four IDs, which I then fixed in the normal post editor (change from the “Visual” tab to the “Text” tab) in the admin interface. If you have internal links:

select id from wp_posts where post_status='publish' and post_content like '%href="http://blog.%';

Rather than changing ‘http://’ to ‘https://’, you might want to use ‘//’, which is protocol-relative: the browser uses whatever scheme the current page was loaded over.
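
The same cleanup as a script, for sites with more than a handful of affected posts. This is an added example, not code from the original post: the hostnames, the sample rows and the function names are constructed for illustration. It goes slightly beyond the queries above by also listing src/href attributes that point at other hosts over plain HTTP, since those still load as mixed content on an HTTPS page.

```python
import re

# Constructed sample rows (id -> post_content), standing in for wp_posts.
SAMPLE_POSTS = {
    1: '<p><img src="http://blog.example.com/wp-content/uploads/a.png" alt="a"></p>',
    2: '<a href="http://blog.example.com/?p=7">older post</a> and '
       '<img src="http://cdn.example.net/b.png">',
    3: '<p>Plain text mentioning http://blog.example.com/ outside any attribute.</p>',
    4: "<img class='x' src='HTTP://BLOG.example.com/c.jpg'>",
}

# A src= or href= attribute (not data-src etc.) holding a quoted http:// URL.
# Groups: attribute name, quote character, host, rest of the URL.
ATTR_URL = re.compile(
    r"""(?<![\w-])(src|href)\s*=\s*(["'])http://([^/"'\s>]+)([^"']*)\2""",
    re.IGNORECASE,
)

def rewrite_post(content, own_hosts):
    """Make own-host http:// URLs in src/href protocol-relative.

    Returns (new_content, external), where external lists (attribute, host)
    pairs for plain-HTTP URLs on other hosts; those are left unchanged
    because the other host may not serve HTTPS at all.
    """
    external = []

    def fix(match):
        attr, quote, host, rest = match.groups()
        if host.lower() in own_hosts:
            return f"{attr}={quote}//{host}{rest}{quote}"
        external.append((attr.lower(), host.lower()))
        return match.group(0)

    return ATTR_URL.sub(fix, content), external

def audit(posts, own_hosts):
    """Return {post_id: {"content": ..., "external": [...]}} for affected posts."""
    report = {}
    for post_id, content in posts.items():
        new_content, external = rewrite_post(content, own_hosts)
        if new_content != content or external:
            report[post_id] = {"content": new_content, "external": external}
    return report

if __name__ == "__main__":
    for post_id, result in audit(SAMPLE_POSTS, {"blog.example.com"}).items():
        print(post_id, result["external"], result["content"])
```

Run it against an export of the post bodies and review the rewritten content before writing anything back to the database.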