After the invitation email to the closed Letsencrypt beta a few days ago I set everything up to enable the new certificate on on my major websites:

  • www.natenom.com
  • natenom.de
  • wiki.natenom.de
  • wiki.natenom.com
  • piwik.natenom.com
  • f.natenom.de
  • and a few old websites mostly to forward to the new ones

The other domains will follow as soon as whitelisted by Letsencrypt. Got the email today; done :)

The default is still HTTP because nobody except me needs to login on any of my websites and everything is public anyway. After reading this I decided to make HTTPS the default and thus enabled HTTP Strict Transport Security (HSTS) as described in this tutorial :)

The results is an A+ rating on SSLLabs.com :)

WordPress

In this WordPress blog I had to change both „WordPress-Address (URL)“ and „Website-Address (URL)“ to https://…

Then I used the WordPress plugin „Search Regex“ to replace every http://-URL to images in this blog and to my other websites with https://.

Trouble with Piwik

Because of a self hosted Piwik instance I had some trouble and had to do a bit of configuration stuff in order to make https AND http work.

Instead of setting http or https in the Piwik URL one has to set it without a protocol prefix, so instead of  „https://piwik.natenom.com“ or „https://piwik.natenom.com“ set it to „//piwik.natenom.com“.

If the client uses http it will use http for Piwik, too. Same goes for https.

Where to change the Piwik URL:

  • MediaWiki:
    $wgPiwikURL in LocalSettings.php
  • DokuWiki:
    Admin section -> Configuration -> „plugin -> piwik -> piwik_url“
  • WordPress: Don’t know as there were no problems with it :)

In Piwik itself, I also added the https:// URLs to the list of valid URLs of every single website but I don’t know if this was needed.

HTTP/2

While working on the setup of my websites I also enabled HTTP/2 (for https only).

\o/

blog.natenom.com_letsencrypt_certificate_information