.. title: Switching to https with Let's Encrypt
.. date: 2017-10-22 17:46
.. tags: tls, letsencrypt, security
.. slug: switching-to-https
.. type: text

As you may have noticed, the blog is now being served as a secure,
encrypted page with the help of a fresh TLS certificate from `Let's Encrypt
<https://letsencrypt.org/>`_.

.. image:: /images/letsencrypt-logo-horizontal.png
   :align: center
   :alt: Let's Encrypt
      
Ever since I first learned about this initiative supporting a more
secure and privacy-respecting web, I wanted to use such a certificate
for my blog.  The immediate enthusiasm was slowed by the realization
of the very short lifetime of the certificates and so the idea was
left dormant for a while.  With a validity of only three months, some
sort of scripting infrastructure is needed to ensure that the
certificates are renewed in a timely fashion and back then I didn't
see an easy solution ready in a few minutes.  Luckily enough, my web
space provider `Hostsharing eG <https://www.hostsharing.net/>`_
integrated Let's Encrypt in a completely seamless fashion in the last
weeks.  All I needed to do was to tick the "Let's Encrypt Zertifikat"
option in the HSAdmin web interface, specify the valid sub-domains and
a few minutes later the website started serving the certificate.

Admittedly it took a little longer to find out why Firefox kept
complaining about `blocking mixed content
<https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox>`_
on the TLS connection, replacing the icons in the left-hand panel with
empty rectangles.  Debugging the problem showed that the icons are in
fact individual "characters" in an off-site font referenced by my
chosen `Nikola <https://getnikola.com/>`_ theme.  Switching the
template HTML to load the fonts also over https finished the
transition.
