# Python Flask Tutorial: How to enable HTTPS with a free SSL/TLS Certificate using Let's Encrypt

## Metadata

- **Channel:** Corey Schafer
- **YouTube:** https://www.youtube.com/watch?v=Gdys9qPjuKs
- **Date:** 24.01.2019
- **Duration:** 17:13
- **Views:** 146,794

## Description

In this Python Flask Tutorial, we will be learning how to enable HTTPS on our web server with a free SSL/TLS certificate using a service called "Let's Encrypt". Let’s Encrypt is a Certificate Authority that lets anyone obtain, renew, and manage certificates for their site. They're a non-profit and provide all of this for free, and it's easy to get running on our server, so let's go ahead and get started...

I am using Linode to host my site:
http://bit.ly/cms-linode

Nginx/Ubuntu Certbot Commands:
http://bit.ly/nginx-certbot

How to use Crontab and Cron Jobs:
https://youtu.be/QZJ1drMQz1A


✅ Support My Channel Through Patreon:
https://www.patreon.com/coreyms

## Contents

### [0:00](https://www.youtube.com/watch?v=Gdys9qPjuKs) Segment 1 (00:00 - 05:00)

Hey there, how's it going everybody? In this video we're going to secure our web server and enable HTTPS on our website with a free certificate using a service called Let's Encrypt. So I have my website pulled up right now, and we can see in the last video we set this up so that we have a domain name working, which I have my domain name here as myawesomeapp.com. But if we also look at the top left here, we can see that it says "Not secure". So this website is not using SSL certificates and that's why it's not secure. And if you go to a website, sometimes they'll have a little lock up here, and that means that the website is secure. So in this video that's what we're going to do, and that's using a service called Let's Encrypt. And Let's Encrypt is a certificate authority that lets anyone obtain, renew, and manage certificates for their site. Now, they're a nonprofit and provide all of this for free, and it's easy to get running on our server, so let's go ahead and get started and see how to do this.

Now, first you're going to want to SSH into your server. Now, if you're coming to this tutorial and haven't seen the previous videos in this series, then that's not a big deal, but you will need SSH access to your server in order to get this running, and that's something that we covered in previous videos. So once we're in our server, we simply need to run a few commands. Now, in order to find the commands that you need to run for your operating system, you simply want to go to the Let's Encrypt website, which we have pulled up here, and then you're going to want to go to the Getting Started page. And from here, if we look down in the section where we have shell access, we can see that Let's Encrypt recommends the Certbot client, and that makes it super easy to get these certificates working on our server. So I'm going to click on that Certbot link, and once we're on the Certbot website, now we want to choose the web server and operating system that we're using. Now, for our Flask series we're using Nginx and Ubuntu 18.04, so I'm going to select those options, but you want to select whatever web server and operating system that you're using. So that's what I'm doing here, and once we do that, it's going to pull up the documentation and the commands that we need to run for Nginx on Ubuntu 18.04.

So this gives you all of the commands that you need to run. They also have a lot of explanation as to what you're doing with these commands if you read through this. Now, I would suggest you read through the page if you'd like to see more information and detail about these commands, but I have all of these commands pulled up in a text file here on my machine, and I also have these available in my GitHub if anyone would like to follow along and copy these, and I'll leave a link to that in the description section below. So these are the commands that I just took from that Certbot website, and again, this is for Nginx and Ubuntu, so if you're using a different web server or operating system, then you're going to need to get the commands for your server and OS.

Okay, so I also have my server pulled up here and my terminal, so I'm SSHed into my machine, and now we just want to run these commands on the machine. Now, I'm simply going to copy these into the terminal since I'm kind of a slow typer, and I'll do these one at a time. So I will go ahead and start here. So I will paste in the first one, `sudo apt-get update`, and we'll need to put in the sudo password for the first time, and I'll just go through these one at a time. So this one goes onto the next line here, so this one is `sudo apt-get install software-properties-common`, so we'll run that. That one went pretty quick. sudo apt repository, or `add-apt-repository`, so we're adding a repository called universe here, so I'll run through that one. Now, some of these take a little bit of time, so if you need to pause the video, then you can pick up when these are done, but I'm just going to fast forward to where these are completed with installing.

Okay, so that one's actually complete, so now I'll add another repository here, so PPA certbot, so we'll run that. So this one is asking me to hit Enter to continue, so I'll do that, and now that's installing. Okay, now it's telling us we should run `sudo apt-get update` again, so I'll clear my screen and run that. And finally, once that is done, then we can run `sudo apt-get install python-certbot-nginx`, so I will run that, and this one's going to ask me if we want to continue, so I will just hit Enter to accept the default of yes.

Okay, so once that is done, we are ready to run this certbot command, but first I'm going to make a change to my Nginx configuration before we run this next command. I currently have our server name set as the IP address, and I'm instead going to change that to be our domain name. So to do this, I'm going to open up our Nginx configuration in nano, so I'll say `sudo nano`, and that is in /etc/nginx/

### [5:00](https://www.youtube.com/watch?v=Gdys9qPjuKs&t=300s) Segment 2 (05:00 - 10:00)

sites-enabled, whoops, that is sites-enabled, okay, and the configuration file, I called this one flask blog. Now, sorry that this is running on two lines here; I kind of have to trade off between having this text large enough for you all to read it, but also that makes it run onto a new line sometimes. I'll go ahead and spread this out for now so that we can see that. Okay, so I'm going to open that in nano, and for our server name here, we currently have this set as the IP address, but now that we have a domain name, I'm going to go ahead and put that in there instead, so in my case that's www.myawesomeapp.com. So now I'll save that by hitting Ctrl+X, Y to save, and then hit Enter.

Okay, so now I'm going to run that certbot command for Nginx, and that will automatically update a lot of our configurations to work with these certificates. So if I look back in the commands here, that is `sudo certbot` with the nginx option there, so I will paste that in and run that. And now this is going to ask us to insert some information here. So we need an email address, so I will put in my email address there, and now it's going to ask us to accept some terms and conditions, so I'm going to put A for agree. And now it's asking us if we want to share our email address with the foundation, for the nonprofit, so that they can send us, you know, updates about encrypting the web, news, campaigns, stuff like that. That's optional; I'm just going to say no to that. Okay, and now it's saying, which names would you like to activate HTTPS for? So we can either select the appropriate numbers here if there were more than one, or if we just want all of these, then we can just hit Enter. So I'm just going to hit Enter because myawesomeapp is the only one in there. And now once that is done, it should ask us if we want to redirect or not, so this is just going to take a second here.

Okay, so now this is asking us if we would like to redirect. So the option number one here is no redirect, so that means that we could go to the HTTP version of our website and the HTTPS version. Now, number two here, redirect, that makes all of the requests redirect to secure HTTPS access. Now, I almost always choose number two here; well, I always choose number two there. I'm not sure why you would want both enabled, but I always want to redirect our users to the secure version of the website, so I'm going to say number two there to redirect. And now that is done, it says congratulations, your certificate and chain have been saved, and gives you the locations. And if we scroll up here a little bit, then we can see that it updated some configurations here within our Nginx file here, so it changed this nginx sites-enabled flask blog file. So let me cat that file so that we can see what changes it made. So I'm going to clear my screen, and now I'm just going to hit the up arrow a couple times, so originally we did a nano on that file, but I just want to cat that file to see what changes it made. Okay, so we can see, and actually some of these are going on new lines, so let me actually just nano that file; I think it would be easier to read if I did that.

Okay, so let's look at some of the changes that it made in here. Okay, so we can see within our first server block here, where we have our static location and the Gunicorn proxy, that now this is listening on port 443, which is SSL, and also it added some SSL certificate options down here for us, some variables here. Now, we also said that we wanted that traffic on HTTP to be redirected to HTTPS, so if we scroll down here a little bit, we have another server block here, and this one is listening on port 80, which is HTTP, and it is redirecting us. We see here it says if the host is equal to myawesomeapp.com, then return a 301, which is a redirect to the HTTPS version of that website. So that's good: that certbot command automatically updated these configurations for us so that we didn't have to, you know, dive into this documentation and see exactly how to do redirects and stuff like that. So that is good. Now, if you have problems with that automatic certbot command running into any issues, then I would recommend going back to their website and looking at the certonly installation and walking through from there. So that will allow you to modify your configuration files manually instead of it changing those automatically for you, but I've personally always found it easier to

### [10:00](https://www.youtube.com/watch?v=Gdys9qPjuKs&t=600s) Segment 3 (10:00 - 15:00)

just let it do most of that for me automatically. Okay, so we're just about done here, but one more thing that I want to point out is that if you test your Nginx configuration, it might look like you have an issue. So if I say `nginx -t`, which will test our configuration, then we can see that we get a couple of alerts here. So it says that our SSL permission is denied here and things like that. Now, those are just permission issues and you can expect that. The reason that we're getting those is that we should run that command using sudo, and you'll find that you don't have any of those syntax problems. So if I run that same command and instead use sudo (I'm going to clear my screen before I do that), if I run that, then we can see that it says that the syntax is okay and that the configuration test is successful.

Okay, so that looks good. Now all we have to do is allow HTTPS traffic to our website, and then all of this should work. So if you've been following along with this series, then when we set up a firewall, we originally only allowed HTTP traffic, so now we need to allow HTTPS. So we can do that just by saying `sudo ufw allow https`, so we can see that it added that rule. Now, you can disallow HTTP traffic if you'd like, but since we're redirecting that traffic anyway, I'm just going to leave it there. So now let's restart our server for these changes to take effect, and then we'll take a look at our website to see if this all worked. So I'll restart the server by saying `systemctl restart nginx`, run that.

Okay, now let me bring up our browser here and go back to our website. Now, if you look in the top left here, it says "Not secure", so if I reload this page, then now we can see that we're going to the HTTPS version of this website, and now there's a little lock here, and if we click on that lock, it says connection is secure, your passwords, credit card numbers is private when it is sent to this site. So that's perfect, it's working just as expected. Now, just to make sure that this is working on all pages with our functionality, let's go ahead and log in and see if our functionality is working on HTTPS as well. So I'm going to log in using my email, and I believe my password was that. Okay, yep, that was it. Okay, so now let's look at a post here, so we can see that even though the URL is, you know, /post/27, we're still on the HTTPS version of this website and it's still secure. And we can update our post, so "My latest updated post"; if I post that, then we can see that all of that is done with our lock in the top corner. So I'm not going to go through all the functionality of the website; I think we can assume that that's working well.

Okay, so these certificates last for around, I think, 90 days, and after that they'll need to be renewed. Now, we don't want to do this manually every 90 days, so let's set this up to where it does it automatically for us. So first let's run a dry run of what a renew looks like. So I'm going to pull back up our terminal here, and to do a dry run of a certificate renewal, we can simply say `sudo certbot renew` and then `--dry-run`. So if I run this, then this just simulated a renewal for us, but it didn't actually do a real renewal, so we can see congratulations, all renewals succeeded, and that this was just a dry run. So that's great.

So now let's create a cron job that will renew this every month or so. Like I said, the certificates are good for about 90 days, but we can just run the renew command every month or so and that should be fine. Now, if you've never run cron jobs before, basically it's a way to run commands at certain intervals, and I have a separate video on working with cron in general if you want to learn more about it in detail, and I'll leave the link to that in the description section below. Okay, so if we want to edit our crontab, we're going to want to do that with sudo so that the commands that we add to that crontab will be run as root. So I'm going to clear my screen here, so I'm going to say `sudo crontab -e`, and that'll edit root's crontab. And now we need to choose an editor since we don't have one set up by default; I'm just going to choose one for nano. And now I'm going to scroll down here a little bit. Now, the documentation in here, yours might be empty, but this is just documentation kind of explaining how crontab works as well. So for our cron job, let's just say that we want to renew our certificate at 4:30 a.m. on the first of every month. So in order to do that, I will do a 30 for the minutes, a four for the hour, so 4:30, one for the day, so

### [15:00](https://www.youtube.com/watch?v=Gdys9qPjuKs&t=900s) Segment 4 (15:00 - 17:00)

the first of each month, and then I'm going to do an asterisk for the month, so that means it'll do it every month, and an asterisk for the day of the week, which means it'll do it no matter what day of the week it is. And now we can put in our command, so I'll do `sudo certbot renew`, and now we don't want to use the dry run command here because we actually want to renew the certificate. One thing I will put in is a `--quiet` option, and that'll just run it in the background, you know, without any feedback. Okay, so to save that, I'm going to hit Ctrl+X, Y to save, and then Enter. I can clear my screen here.

Okay, so I think that is going to do it for this video. So hopefully now you feel comfortable setting up SSL encryption and HTTPS for your websites using a service like Let's Encrypt. Now, as usual, there's still a lot that we can do with this website. I'm still going to do a video showing you all how to deploy to a service like Heroku. We'll also see how to use a Postgres database instead of SQLite, since we're still using the SQLite database in the background. Also, I prefer to have my website set up so that the www version of the website gets redirected to the non-www version of the website. So for example, if you go to www.twitter.com, Twitter actually just gets rid of the www and redirects you to twitter.com instead, so that's what I prefer to do with my websites, and I can show you how to do that in a future video as well. So those will likely be the next videos that I work on for this series.

But if anyone has any questions about what we covered in this video, then feel free to ask in the comment section below and I'll do my best to answer those. And if you enjoy these tutorials and would like to support them, then there are several ways you can do that. The easiest way is to simply like the video and give it a thumbs up, and also it's a huge help to share these videos with anyone who you think would find them useful. And if you have the means, you can contribute through Patreon, and there's a link to that page in the description section below. Be sure to subscribe for future videos, and thank you all for watching.

---
*Source: https://ekstraktznaniy.ru/video/12013*