Late to the party

I've been blogging for 23 years as of today. This is also the first day this blog is being served up via https:. All I had to do was just install the latest version of Apache on my server [1].

It took several days, but I got the latest version of Apache compiled and installed on my server. Yes, I did it the hard way. What better way of knowing how things work than doing it the hard way. I then spent Saturday updating the configuration. There were a few changes, like NameVirtualHost [2] being deprecated, and having to add “Protocols [3] h2 h2c http/1.1” and “Require [4] all granted”.

Once that was done and the new server was up and running, then I dove into the whole “Encrypt All The Things!” rabbit hole (I know, I know, 2015 called and said I was late to the party). A recent post [5] of mine made it to The Orange Site [6] and fully half of the comments were about the disturbing lack of [DELETED-faith-DELETED] TLS (Transport Layer Security) I had. Of course. Fortunately, Apache [7] has a module [8] to handle certificates from Let's Encrypt [9] (or other places that support the “certificate update dance” protocol). Unfortunately, there are subtleties not mentioned in the documentation. Like the MDCACertificateFile directive (which I need for my setup—don't ask) not being documented. Or the fact that if you make any type of mistake (like using the wrong domain name because you cut-n-paste the configuration from one host into another and forgot to make the domain name change, or using “SSLEngine on” in the wrong place, or forgetting to add acme-tls/1 to the Protocols directive) everything goes pear shaped and Let's Encrypt will rate limit and … ugh. I'm just lucky I have a few domains to practice on before enabling it for my main sites.
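An added example, not code from this blog or from the Apache project: a small pre-reload lint for two of the mistakes listed above, a managed domain name that matches no virtual host and a Protocols line without acme-tls/1. It assumes the tls-alpn-01 challenge is in use; the hostnames, the function name and the sample configuration are constructed for illustration.

```python
# Added example: pre-reload lint for mod_md pitfalls. Hostnames are constructed.
BROKEN = """\
Protocols h2 h2c http/1.1
MDomain www.example.org
<VirtualHost *:443>
    ServerName blog.example.org
    SSLEngine on
</VirtualHost>
"""
FIXED = BROKEN.replace("http/1.1", "http/1.1 acme-tls/1").replace("www.", "blog.")

def lint_md_config(text):
    """Return findings for an Apache config that relies on mod_md."""
    managed, vhosts, findings = set(), [], []
    protocols_seen, vhost = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key, low = key.lower(), [a.lower() for a in args]
        if key == "<virtualhost":
            vhost = {"names": set(), "ssl": False, "cert": False}
            vhosts.append(vhost)
        elif key == "</virtualhost>":
            vhost = None
        elif key in ("mdomain", "<mdomainset"):
            # Trailing "auto"/"manual" are options, not hostnames.
            managed.update(a.rstrip(">") for a in low
                           if a not in ("auto", "manual", ">"))
        elif key == "protocols":
            protocols_seen = True
            if "acme-tls/1" not in low:
                findings.append(f"Protocols lacks acme-tls/1: {line}")
        elif vhost is not None and key in ("servername", "serveralias"):
            vhost["names"].update(low)
        elif vhost is not None and key == "sslengine":
            vhost["ssl"] = low[:1] == ["on"]
        elif vhost is not None and key == "sslcertificatefile":
            vhost["cert"] = True
    if not protocols_seen:
        findings.append("no Protocols directive, so acme-tls/1 is never offered")
    served = set().union(*(v["names"] for v in vhosts))
    findings += [f"MDomain {n} matches no ServerName/ServerAlias"
                 for n in sorted(managed - served)]
    for v in vhosts:
        if v["ssl"] and not v["cert"]:
            findings += [f"SSLEngine on for {n}, but no MDomain or certificate file"
                         for n in sorted(v["names"] - managed)]
    return findings
```

Running it over each host's configuration before a reload catches the copy-and-paste mismatch locally instead of through failed orders at the certificate authority.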

But I was able to finish in time for the 23rd anniversary of my blog and get that stupid little lock on my site.

You're welcome.

[1] /boston/2022/11/28.1

[2] https://httpd.apache.org/docs/2.4/mod/core.html#namevirtualhost

[3] https://httpd.apache.org/docs/2.4/mod/core.html#protocols

[4] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require

[5] /boston/2022/09/22.1

[6] https://news.ycombinator.com/item?id=32969374

[7] https://httpd.apache.org/

[8] https://httpd.apache.org/docs/2.4/mod/mod_md.html

[9] https://letsencrypt.org/
