Securing your website with HTTPS is essential for protecting user data and enhancing trust. Using Let's Encrypt, a free certificate authority, combined with HAProxy, a reliable load balancer, makes this process accessible and efficient. In this guide, we'll walk through the steps to configure HTTPS on your website using these tools.

Prerequisites

  • A server running Linux (Ubuntu, CentOS, etc.)
  • Root or sudo access to the server
  • HAProxy installed and configured as a reverse proxy
  • Domain name pointing to your server's IP address
  • Basic knowledge of terminal commands

Installing Certbot for Let's Encrypt

Certbot is a popular tool for obtaining and renewing SSL certificates from Let's Encrypt. To install Certbot, run the following commands based on your operating system.

For Ubuntu:

sudo apt update

sudo apt install certbot

For CentOS:

sudo yum install epel-release

sudo yum install certbot

Obtaining an SSL Certificate

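Once Certbot is installed, request a certificate for your domain. The --standalone option makes Certbot start its own temporary web server on port 80 to answer the validation request, so that port must be free and reachable from the internet while the command runs, and again at each renewal: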

sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

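Follow the prompts to complete the process. Certbot stores the resulting files in a directory that is typically /etc/letsencrypt/live/yourdomain.com/. The two that matter here are fullchain.pem (the certificate and its chain) and privkey.pem (the private key).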

Configuring HAProxy with SSL

Next, configure HAProxy to use the SSL certificates. Edit your HAProxy configuration file, usually located at /etc/haproxy/haproxy.cfg.

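HAProxy expects each file named by crt to hold the certificate chain and its private key together, so fullchain.pem and privkey.pem cannot be listed as two separate crt entries. Concatenate them, in that order, into a single PEM file that only root can read. The path /etc/haproxy/certs/yourdomain.com.pem used below is an example location, not one Certbot creates.

Add or modify the frontend section to include SSL settings:

frontend https_in
    # Combined PEM: contents of fullchain.pem followed by privkey.pem
    bind *:443 ssl crt /etc/haproxy/certs/yourdomain.com.pem
    mode http
    default_backend servers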

Ensure the backend section points to your web server:

backend servers
    server web1 127.0.0.1:80 check

Testing and Renewal

After restarting HAProxy to apply changes, test your website by visiting https://yourdomain.com. You should see the secure padlock icon in the browser.

Let's Encrypt certificates are valid for 90 days. To automate renewal, set up a cron job:

0 12 * * * /usr/bin/certbot renew --quiet --post-hook "systemctl reload haproxy"

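This keeps your SSL certificate up to date without manual intervention. HAProxy reads certificate files only when it starts or reloads, and if it serves a combined PEM file, that file must be rebuilt from the renewed fullchain.pem and privkey.pem before the reload.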
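The combined PEM that the HAProxy crt option needs, and its rebuild at renewal time, can be handled by one Certbot deploy hook. The script below is an added example, not part of the original guide: the script name, the /etc/haproxy/certs directory and the build_haproxy_pem function are assumptions, while RENEWED_LINEAGE is the variable Certbot sets for deploy hooks.

```shell
#!/bin/sh
# haproxy-deploy.sh (hypothetical name): certbot deploy hook for HAProxy.
# First issuance, run once by hand as root:
#   RENEWED_LINEAGE=/etc/letsencrypt/live/yourdomain.com sh haproxy-deploy.sh

# Assumed location of the combined files; must match the "crt" path in haproxy.cfg.
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

# build_haproxy_pem LIVE_DIR OUT_FILE
# Writes fullchain.pem followed by privkey.pem to OUT_FILE (mode 600).
build_haproxy_pem() {
    live_dir=$1
    out_file=$2
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to build from missing or empty inputs.
    [ -s "$chain" ] && [ -s "$key" ] || { echo "missing $chain or $key" >&2; return 1; }
    # Check the PEM types so swapped or truncated files are caught early.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" || { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$key" || { echo "no private key in $key" >&2; return 1; }

    # Build in a temp file beside the target, then rename over it, so HAProxy
    # never sees a half-written file and the key is never world-readable.
    tmp=$(mktemp "$out_file.XXXXXX") || return 1
    chmod 600 "$tmp" && cat "$chain" "$key" > "$tmp" && mv -f "$tmp" "$out_file" \
        || { rm -f "$tmp"; return 1; }
}

# Certbot sets RENEWED_LINEAGE to the live directory of the renewed certificate.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    name=$(basename "$RENEWED_LINEAGE")
    mkdir -p "$HAPROXY_CERT_DIR" && chmod 700 "$HAPROXY_CERT_DIR"
    # Reload only if the new file was built and the configuration still validates.
    build_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR/$name.pem" \
        && haproxy -c -f /etc/haproxy/haproxy.cfg \
        && systemctl reload haproxy
fi
```

Placed as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, the script runs after each successful renewal, so the cron entry only needs to call certbot renew --quiet.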

Conclusion

Using Let's Encrypt with HAProxy provides a free, reliable way to secure your website. Follow these steps to implement HTTPS and keep your site safe for your visitors.