# Python Django Tutorial: How to enable HTTPS with a free SSL/TLS Certificate using Let's Encrypt

## Метаданные

- **Канал:** Corey Schafer
- **YouTube:** https://www.youtube.com/watch?v=NhidVhNHfeU
- **Дата:** 24.01.2019
- **Длительность:** 20:47
- **Просмотры:** 153,500

## Описание

In this Python Django Tutorial, we will be learning how to enable HTTPS on our web server with a free SSL/TLS certificate using a service called "Let's Encrypt". Let’s Encrypt is a Certificate Authority that lets anyone obtain, renew, and manage certificates for their site. They're a non-profit and provide all of this for free, and it's easy to get running on our server, so let's go ahead and get started...

I am using Linode to host my site:
http://bit.ly/cms-linode

Apache/Ubuntu Certbot Commands:
http://bit.ly/apache-certbot

How to use Crontab and Cron Jobs:
https://youtu.be/QZJ1drMQz1A


✅ Support My Channel Through Patreon:
https://www.patreon.com/coreyms

✅ Become a Channel Member:
https://www.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g/join

✅ One-Time Contribution Through PayPal:
https://goo.gl/649HFY

✅ Cryptocurrency Donations:
Bitcoin Wallet - 3MPH8oY2EAgbLVy7RBMinwcBntggi7qeG3
Ethereum Wallet - 0x151649418616068fB46C3598083817101d3bCD33
Litecoin Wallet - MPvEBY5fxGkmPQgocfJbxP6EmTo5UUXMot

✅ Corey's Public Amazon Wishlist
http://a.co/inIyro1

✅ Equipment I Use and Books I Recommend:
https://www.amazon.com/shop/coreyschafer

▶️ You Can Find Me On:
My Website - http://coreyms.com/
My Second Channel - https://www.youtube.com/c/coreymschafer
Facebook - https://www.facebook.com/CoreyMSchafer
Twitter - https://twitter.com/CoreyMSchafer
Instagram - https://www.instagram.com/coreymschafer/

#Python #Django

## Содержание

### [0:00](https://www.youtube.com/watch?v=NhidVhNHfeU) Introduction

hey there how's it going everybody in this video we are going to secure our web server by enabling https on our website with a free certificate using a service called let's encrypt so we can see uh I have my website up here now and in the last video we added a custom domain name and my domain name is www. my awom app. com but we can see in the upper left here that it says that this is not secure um so it says your connection to this site is not secure so in order to get that to be secure on most websites you'll see a little lock in the top left there uh we need to add an SSL or TLS certificate and we're going to do that using a service called let's encrypt so I have let's encrypt pulled up here in my browser and let's encrypt is a certificate Authority that lets anyone obtain renew and manage certificates for their site now they're a nonprofit and provide all of this for free and it's easy to get running on our server so let's go ahead and get started and see how to do this so first of all you're going to want to SSH into our server so if you're coming to this tutorial and haven't seen the previous videos in the series then it's not a big deal but you will need SSH access to your server in order to get this running and that's something that we covered in previous videos and once we're in our server we simply need to run a few commands so in order to find the commands that you need to run for your operating system you'll simply want to go to the let's encrypt website which we have pulled up here and then you're going to want to go to the getting started page now from here if we look in the section where it says uh that we have shell access they recommend using this cbot client so this cbot client makes it super easy to get these certificates working on our server so I'm going to click on the cbot link and

### [1:47](https://www.youtube.com/watch?v=NhidVhNHfeU&t=107s) Choose your web server and operating system

once you click on that cbot link now you're just going to want to choose the web server and operating system that you're using so for our D Jango site we are using Apache and auntu 1804 so I'm going to uh it says I'm using and then there's a drop down I'm going to select Apache and then it says on and that's our operating system now I'm going to select auntu 1804 but you are going to want to uh choose your web server and your operating system so these are the instructions for Apache on auntu 1804 so this page here gives you all of the commands that you're going to need to run on your server and they also have a lot of explanation as to what you're doing with these commands if you read through this now I suggest that page if you'd like to see more information about these commands but I also have all of these commands pulled up in a text file here on my machine and I'll have these available on my GitHub as well if anyone would like to follow along and copy these and also again this is for aachi and auntu so if you're using a different web server or operating system then you're going to need to get the commands for your server and your OS uh so I have those commands here and if I pull up my

### [2:55](https://www.youtube.com/watch?v=NhidVhNHfeU&t=175s) Install the commands

terminal I'm also uh sshed into my Jango server okay so I'm simply going to copy these commands into my terminal since I'm a slow typer and I'll do these one at a time so these are the commands that cbot gave me so I will just paste these in one at a time so first we have our pseudo app get update and I'll have to put in the sudu password and I will uh some of these commands will take a little bit of time so if there's one that takes too long I will just uh skip forward through that okay so now we want to do this Pudu appt get install uh software properties common so I'll run through that okay that finished pretty quickly uh sudu apt repository universe so we are adding a repository here so I will run through that okay so that one took a little longer to install for me so I just fast fored through that uh if you need to pause until that finishes then feel free to do that but I'm just going to uh fast forward so that we can move on here so now I'm going to add another repository here and this is a PPA bot so I will run through that and here on this one it's asking us to hit enter to continue so I'll just there okay and once that is complete we need to do a Pudo aptg uh update again so I will paste that in okay and lastly uh here we have this Pudo appg get install uh python cbot Apache so I will clear my screen and run that and this one will also ask you if you want to continue so I will just uh hit enter for the default of yes and let that install Okay so once

### [4:32](https://www.youtube.com/watch?v=NhidVhNHfeU&t=272s) Update Apache configuration

that is finished we are ready to run the cbot command but if you've been following along with these videos then we actually need to make a change to one of our config files at this point uh because we're going to run into a problem if we don't make a couple of changes so first of all let's update our Apache configuration file so that we have our domain name in the server name variable uh so to update that I can say Let Me Clear My screen here I'll say sudu Nano and that is ATC SL Apache 2 SL sites-available uh sorry that this is going on to another line here I want this large enough to where you all can read it um and now uh that is within Jango pro. com so I will run that and actually just so we can read a little better let me uh expand this over our text file there for a second so now down here we're going to set this server name uh to our website so I'm going to uncomment out that and then I'm going to put in my domain name which is my awesom app. com and I'm also going to uh just bring this down a line here to spread that out a bit now there's also one more thing that we're going to change temporarily here in our configuration file so when we run that cbot command it's going to try to create an SSL configuration using this existing file and some of the configurations that we have in this exist existing file aren't allowed to be duplicated so we need to temporarily comment out some of these uh commands and we'll uncommon out those uh once it creates the new configuration successfully so the ones that we need to comment out are down here at the bottom if I scroll down a little bit these wsgi commands here so I'm just going to comment these out for now and now I will uh hit control x uh y to save and then hit enter to keep that same file name okay so now I'm going to run the cbot command for Apache and this will automatically update a lot of our configurations to work with these certificates so that command if I look back at the text file here is sudu cbot Apache so I'll copy that let me clear my screen here I'll make this large again and I will paste that in and now it's going to ask us a couple of questions here so you can see that it's saying uh to in input our email address so I will just put in my email address Corum shaer gmail. com now it's asking us to agree to the terms of service here so I will agree uh lastly it's asking us if we it wants us to share our email address and that is so that it can send you emails about the nonprofit uh like let's see their work encrypting the web eff news campaigns I'm going to say no to that one uh that one's not necessary that's optional so I'm just going to say no to those emails and now it's saying which names would you like to activate https for uh the only one that it has here is www. my awom app. com so it says to select the appropriate numbers uh or just hit enter to accept all of these up here so I'm just going to hit enter to do that one okay so we can see that did a couple of things up here so it said that it created an SSL vhost uh within our sites available folder at D Jango project lsl. com um it also enabled some Apache modules here um and also uh made a few more changes as well so now it's asking us if we would like uh to redirect or not so r no redirect uh means that we could go to http version of our website and https if we redirect it makes all of the requests uh redirect to secure https access now I almost always choose redirect I'm not sure why somebody would allow HTTP access instead of a secure access uh but I always want us to be on the secure version of the website so I'm just going to say to redirect um okay and then it says congratulations uh your certificate and chain have been saved it tells you the locations and also it uh changed our um configurations okay so now let me clear my screen here and

### [8:48](https://www.youtube.com/watch?v=NhidVhNHfeU&t=528s) Pseudocat

let's uh cat out the configuration file that we had before so I'm just going to hit up Arrow a couple of times now Nano is where we change that file but I'm just going to do a pseu cat on that to display that file in and in its entirety so now if we look at this uh so I'm scrolled up at the top here let me scroll down to the changes that it made so you can see that we still have our aliases still have our directories we have our commented out section here but at the very bottom it put this uh code here so it turned the rewrite engine on and it is rewriting our conditional where if the server name is equal to my awesome. c then it'll rewrite us to the https version of that so that's what redirects us to the secure version of our website so I'm going to clear my screen

### [9:42](https://www.youtube.com/watch?v=NhidVhNHfeU&t=582s) Django SSL Configuration

website I'm going to clear my screen here uh now I'm going to hit the upper Arrow one more time now instead of this D Jango project. comp remember it created this other configuration file D Jango project- l- ssl. com I'm going to print that out so now if I scroll up here we can see that it's basically the same except instead of Port 80 it's at Port 443 that's the SSL Port um if I scroll down here a little bit it copied all of this stuff here so we have our aliases I have our directories we have our commented out uh wsgi uh variables there which we'll have to uncomment it uh but also down here at the bottom we have our SSL certificates so we can see that it's linking to our files so that's the reason that I commented out uh these w SGI lines here uh because if you didn't comment those out and it tried to recreate this new SSL configuration then you would get an error that says that you're not allowed to duplicate these commands so now I'm just going to delete those commands from the other configuration and then uncomment out uh these here in the new configuration so

### [10:49](https://www.youtube.com/watch?v=NhidVhNHfeU&t=649s) Modify Django SSL Configuration

first I'm going to clear my screen here I'm going to uh do a sudu Nano back on our original uh Jango project. configuration so I'm going to run that so this is the one that is on Port 80 so I'm going to come in here and I'm simply going to remove a few things uh from this configuration so remember we have all of this information in our new configuration file so we can delete most of this from our original configuration so uh within Nano you can hit control K to remove a line so I'm just going to remove our aliases I'm going to remove this directory here and our wsgi commands now be careful not to delete the rewrite lines here we want to keep those rewrite lines so basically all we need in our Port 80 logic here uh we have our server name and all that that's good uh but really we just want to rewrite all that traffic from Port 80 to https so I will save that by hitting control X Y to save and then hit enter and now I'm also going to edit the new configuration file so that is Jango _ project- le- ssl. com so I will edit this file and in here I'm going to keep everything that we have right now but I'm just going to uncomment out our wsgi lines and I'll go ahead and remove those empty lines there as well so I will uncommon out these lines here and that will allow our web server to talk to our D Jango code so now I'll save that by hitting control X Y to save and then hit enter okay so that should get our website working correctly now for most websites that automatic cbot command is going to run without any issues but in our case we had to make those couple of changes now if you have any problems with the automatic cbot command running into any issues then uh and you still haven't fixed them with what we did in this video then I'd recommend going back to their website and looking at the CT only installation and walk through from there uh that will allow you to modify your configuration files manually instead of it changing those automatically for you but I've always found it easier to let it do most of that stuff automatically like we did here okay so we are just about done but there are a couple more things that we

### [13:10](https://www.youtube.com/watch?v=NhidVhNHfeU&t=790s) Troubleshooting Apache CTL Configuration

need to do uh now one thing I want to point out is that if you test your Apache config uh it might look like it has some issues so if I say Apache CTL uh config test and run that then we can see that it thinks that we have some syntax errors so it's says syntax error on line 51 uh with this SSL certificate file it says that it doesn't exist or that it is empty but really that's just a permissions issue you should run that command using Pudu and you'll find that you don't have any syntax problems so if I rerun this Apache CTL command uh config test but put Pudu in front of it then we're not going to have uh that issue we still get that uh we have a warning here that says could not reliably determine the server's fully qualified domain name but that's something that was already there uh don't worry about that for now uh it's nothing that will affect our website in any way um okay so now that uh we have

### [14:09](https://www.youtube.com/watch?v=NhidVhNHfeU&t=849s) Allow HTTP Traffic

all of this working uh all we have to do is allow https traffic to our website and then it should just work so if you've been following along with this series then if you remember we set up a firewall and originally we only allowed HTTP traffic so we can allow http s traffic simply by saying sudu ufw allow https so if I run that that's going to allow https traffic now you can disallow HTTP traffic if you'd like but since we're redirecting that traffic anyway I'm just going to leave it there so now let's restart our uh web server for these changes to take effect and then we will test it out in the browser so now I'll say sudu service Apache 2 restart so I'll restart that server and now let's bring this up in our browser so I

### [15:02](https://www.youtube.com/watch?v=NhidVhNHfeU&t=902s) Testing

have my browser open here now remember this was the non-secure version of our website so let me reload this okay and when I reloaded that we can see that now uh we have https instead of HTTP and also we have a lock here in the top left so if I click on that lock it says that our connection is secure so that is good that is definitely what you want uh in a produ website um so now let's just test a little bit of functionality I'm not going to test everything here so our username was Corey M shaer um actually I believe that username oh yeah that username was actually just Corey Ms so I log in with that Corey Ms user that we created and I believe the password for that okay so we are logged in here and now just let me try to update a post so we can see when I go to one of the posts that I've created we're still on a secure site here it's still https so all of this is https traffic and we can do everything that we um did before so my latest updated post I'll just update that to be my latest post so paste that still on https secure connection that's good I go back those changes took effect so it looks like everything is working with our secure connection now one thing about these certificates is that they last for I think around 90 days and after that they'll need to be renewed now we won't want to do this manually every 90 days so let's just set this up to where it does it automatically so let's go back to our web server and let me clear the screen

### [16:38](https://www.youtube.com/watch?v=NhidVhNHfeU&t=998s) Demo

so first let's do a dry run of what a renew would look like so to do a dry run I can say sudu cbot renew and that would renew our certificate but to do a dry run of this they have a command that is uh-- dry-run so I'll run that okay so that just simulated a renewal it didn't actually renew our certificate uh but we can see that the simulated renewal looks good it says congratulations all renewals succeeded uh so now let's create a KRON job that will run this renew command every month or so like I said uh the certificate is good for 90 days but we can just run the renew command every month or so and that'll be fun now if you've never run Crown jobs before basically it's a way to run commands at certain intervals uh I have a separate video on working with KRON in general if you would like to learn more about it in detail and I'll leave a link to that video in the description section below uh but for now uh let's say that we want to edit our cron tab uh to run this every month so we're going to want to edit our cron tab with sudu so that the commands that we add to that will be run as root so I'll say sudu Chon tab d e and now it's going to ask us to choose an editor if we haven't selected uh a default so I'm just going to hit one to do Nano here since that's what we've been using and now I will scroll down here and this documentation will help you with KRON tab as well if you've never used it so it'll kind of give you an idea of uh what all of these placeholders are uh but for ours let's say that we wanted to run that renew command at 4:30 a. m. on the first of every month so I will put in a 30 for the minutes a four for the hour a one for the day of the month and then just an asteris for the month and the day of the week that means it'll run every month and on any day of the week okay so now the command that we want to run is sudo uh certbot uh renew and also I'm going to tag on a quiet there too that way it runs in the background now you don't want to do that dry run here because we actually want to renew this every month uh so we don't want to put the dry run option there so if this looks good then we can save this by hitting contr x uh y to save and then hit enter okay so now you should have that certificate working on your server and that renew command will get run every month uh so that this is automatically renewed for us so that's good okay so I think that is going to do it for this video uh hopefully now you feel comfortable setting up SSL encryption and https for your websites uh using a service like let's encrypt now as usual there's still a lot that we can do with this website I'm still going to do a video showing you all how to deploy to a service like Heroku uh we'll also see how to use a postgress database instead of SQL light like we're using now um and also I prefer to have my website set up so that the www version of a website gets redirected to the non ww version of a website so for example www. twitter. com gets rid of the www part and just re redirect you to twitter. com and I can show you how to do that in a future video as well uh so those will be the next videos that I'll work on for this series but if anyone has any questions about what we covered in this video then feel free to ask in the comment section below and I'll do my best to answer those and if you enjoy these tutorials and would like to support them then there are several ways you can do that the easiest way is to Simply like the video and give it a thumbs up and also it's a huge help to share these videos with anyone who you think would find them useful and if you have the means you can contribute through Pat and there's a link to that page in the description section below be sure to subscribe for future videos and thank you all for watching

---
*Источник: https://ekstraktznaniy.ru/video/12001*