Almost a year back, I set up my first WordPress site using an AWS EC2 instance. It took some effort to set up and configure the site with security through SSL. Last year I discovered https://startssl.com for SSL certificates. It was a bit laborious, but it worked well. Unfortunately, I forgot to keep tabs and renew the certificate on time. The SSL certificate expired and the site was opened up.
Based on past experience, I went back to the same StartSSL certificate to get and run certificates. This time around, despite all the configurations, the site would not come back in full fidelity. On testing the site, I found that it does not work on Chrome on Mac or Windows, or on Safari on iOS. After probing this further, I found this warning:
Mozilla and Google decided to distrust all StartCom root certificates as of 21st of October, this situation will have an impact in the upcoming release of Firefox and Chrome in January. Apple's decision announced on Nov 30th of distrusting all StartCom root certificates as of 1st of December will have an impact in their upcoming security update.
On further research, I found that a few interconnected changes have resulted in the need for change. Now that StartSSL root certificates are not trusted, it is time to find another trusted source. Thanks to a Reddit thread on certificates, I found a new provider sponsored through the EFF: Let's Encrypt.
Let's Encrypt goes a step further by providing automated scripts using Certbot for Apache servers. While Certbot has a wide range of support, it is experimental on the Amazon AMI used by EC2 instances. Nouveau provides a quick guide on using Certbot with EC2 instances. Using these instructions, I was able to get the site back onto a secure foundation. And now the site says it is secure!
Years of research helped us create a secure environment for us to run websites on the Internet. Every day I am amazed by the creativity and contributions of millions of users on the Internet. Thanks to everyone for the contributions made in kind and sweat!