
Getting an A+ SSL Rating on Nginx Apache Server


Saturday 8 August 15:18

Getting A+ SSL Rating on Apache

Getting an A+ SSL rating on Lightsail is just a 5-minute task: it's only a matter of turning off old versions of SSL in your configuration file.

Getting a free SSL certificate is well documented by the Lightsail team here, in a 9-step tutorial. If you have not got an SSL certificate yet, please get one.

SSL improves your SEO, maintains trust for the visitor and is a must for any website in 2020.

After reading this post from Qualys and searching through some more articles, I could make out that getting an A+ SSL rating and not allowing the previous versions of SSL on a website or a blog is good for both your SEO strategy and your security.

So, here it is: get your site checked here on the Qualys tool for SSL. It's free!

Here is a screenshot of a test from when I had just started this blog and was continuously improving its security, SEO, and everything else I could to achieve a simple, secure and pro website.

[Screenshot: SSL B Grade]

Getting the same site to an A+ was just a 5-minute task from start to finish on a Lightsail-hosted website, using the Apache server with the Bitnami image of WordPress.

Here’s how I got this from B to A+

Getting A+ Rating on SSL on a lightsail hosted website

Just head over to your SSH window and start with:

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

You are now editing the bitnami.conf file, and all we have to do is turn off the old versions of SSL.

Find this line with “CTRL+W” (or whatever the line beginning with SSLProtocol reads in your file):

SSLProtocol all -SSLv2 -SSLv3

Change it to:

SSLProtocol TLSv1.2

Press CTRL+O to write out and CTRL+X to exit.

Restart Apache:

sudo /opt/bitnami/ctlscript.sh restart

Getting A+ SSL Rating Nginx Server


sudo nano /etc/nginx/nginx.conf

Change the lines under the "# SSL Settings" comment to exactly the code below. This also sets the session timeout; the Strict-Transport-Security header is added in the HSTS section further down:

    ##

    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ##

Once done, just restart your server with:

sudo service nginx reload && sudo service nginx restart

This gives A+ SSL Rating.
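To check a configuration before re-running the scan, here is an added example (not code from the original post) that reads the SSLProtocol and ssl_protocols lines and lists any protocol older than TLS 1.2 that is still enabled. It assumes Apache's "all" expands to SSLv3 through TLSv1.3; the function names and the sample text are constructed for illustration.

```python
import re

# Versions older than TLS 1.2, which the edits on this page disable.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: expansion of mod_ssl's "all" on a build with TLS 1.3 support.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}


def apache_protocols(args):
    """Resolve Apache SSLProtocol arguments, applied left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):]
        group = APACHE_ALL if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)  # a bare name replaces the set so far
    return enabled


def audit(config_text):
    """Return (line number, legacy protocols still enabled) per directive."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        match = re.match(r"(SSLProtocol|ssl_protocols)\s+(.+)$", line)
        if not match:
            continue
        if match.group(1) == "SSLProtocol":
            enabled = apache_protocols(match.group(2))
        else:  # nginx lists the enabled versions explicitly
            enabled = set(match.group(2).split())
        findings.append((number, sorted(enabled & LEGACY)))
    return findings


# Constructed sample mixing the directive forms shown on this page.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol TLSv1.2
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    for number, legacy in audit(SAMPLE):
        print(number, "legacy protocols enabled:", legacy or "none")
```

The first sample line still reports TLSv1 and TLSv1.1, because removing SSLv2 and SSLv3 from "all" leaves the other old versions switched on.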

SSL is a must if you use AMP on your WordPress blog. Also, here's a collection of some website testing tools that I keep updating.

HSTS Preload on NGINX Server

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

This gives you an HSTS header on your site if you use the Nginx server. Enrolling in the HSTS list is good for your site's security: it enables browsers to understand that your site is only served over a secured connection.

You can enrol here for HSTS. First, you need to test on the same link, then enrol the domain.

HSTS Preload on APACHE Server

On Apache, the header is set with mod_headers. First, enable mod_headers in your httpd.conf file, which you can find at /etc/apache2/httpd.conf:

LoadModule headers_module modules/mod_headers.so

Then simply add the line below to your virtual host's file:

<VirtualHost *:443>
...
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
...
</VirtualHost>

By Rahul Kharbanda

Hi,
I am Rahul Kharbanda from India. I hope you like all the content I made. Welcome to comment & connect.
I am on Quora, Github, Twitter
