Obtaining an SSL Certificate
Learn how to obtain an SSL certificate and how to install it on your webstore
Before reading this guide, we highly recommend you read the Donation Store installation guide. There is no point trying to install an SSL certificate unless those steps have been followed, including setting up your first webstore.
In all web applications, security is paramount. So much so that HTTP has become old and outdated. This can be reinforced by companies like Google and Mozilla marking all sites that use HTTP as unsafe. This is discouraging for anybody visiting a site, regardless of if you handle sensitive data. Donation Store depends on handling customers information and therefore making sure that said data is kept safe and in the right hands is your responsibility. It is not our responsibility and unfortunately we cannot police and make sure everybody installs SSL, however we can provide the tools to make it as easy as possible.
On a side note, a lot of payment providers won't even allow payments to happen through HTTP. That's why you may see them complaining if you don't use HTTPS. This is not a Donation Store issue but is because your site is not secured.
The Donation Store installation service also includes setting up a SSL certificate on your installation, this can be purchased here. A Donation Store developer will organise a time that suits you and will walk you through the installation on a server of your choice and will also complete the installation
Before the certificate is obtained, some software and updates need to be installed. First off, update apt, install common software properties and add the universe repository.
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo apt-get update
If either commands asks to overwrite/fill disk space, enter "y" and then hit enter.
Cerbot is the tool that we will use to generate the cert and install it into Nginx. To do so, simply install the Nginx version of the tool
sudo apt-get install certbot python3-certbot-nginx
It is advised to automatically install the certificate. Certbot will generate a certificate, ask you which Nginx configuration you would like to install it onto and then go ahead and install it for you, so you don't have to do anything yourself. To do so, simply run.
sudo certbot --nginx
Replace yourdomain with the domain you want linked to your SSL certificate. If this is for your webstore, it is your webstore's subdomain. E.g: store.donationstore.io
Let's Encrypt will then ask for an email. Enter a valid email that you use, as this is where email notifications will be sent anytime you need to renew the certificate/or when there are problems with your certificate.
Read, then agree to the Let's Encrypt Terms of Service by entering A and then hitting enter.
Make a decision on whether or not you want to share your email, that's up to you!
It will take a few moments to generate your certificate but once done you should get a message saying "Congratulations". Your domain now has an SSL certificate added. Certbot will have added a cron job to automatically renew your certificate so you won't need to run Certbot again unless you change your configuration.