Getting correctly signed SSL Certificates for cPanel/WHM Services

Back in the day I set up a few VPSes with WHM/cPanel on to host some sites. As back then the certificates for the cPanel services (FTPD, SMTP, WHM, …) were self-signed and Let’s Encrypt was still in its early days, I also ordered a wildcard certificate for * along with that and configured WHM […]

Get HTTPS working on localhost, with green padlock

In On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome I said: One of the things that’s still not really frictionless for your local development domains is the use of certificates. To circumvent the use of self-signed certificates I explained in said article how I have a dedicated […]

On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome

👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Earlier today, in a post entitled Secure Contexts Everywhere, it was announced on the Mozilla Security Blog that Firefox from now on will only expose new features such as new CSS properties to secure […]

Validating SSL certificates with PHP

Great stuff again by Freek Murze from Spatie: A PHP class to easily check the validity of an SSL Certificate. Easily? Yes, easily: $certificate = SslCertificate::createForHostName(‘’); $certificate->getIssuer(); // returns “Let’s Encrypt Authority X3” $certificate->isValid(); // returns true if the certificate is currently valid $certificate->isValid(; // returns true if the certificate is currently valid for the […]

Diff two certificate files with certdiff

If you’ve ever had to handle certificates, it can sometimes – especially when renewing them – become confusing to know which certificate is which. Enter certdiff, a handy diff tool for certificates, by Mattias Geniar: $ ./certdiff subject= / | subject= / issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority notBefore=Feb […]

Migrating your WordPress website from HTTP to HTTPS

In light of #https2015 I flipped the switch on earlier today: from today forth is only accessible over HTTPS. If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of […]

SSL Config Generator

Just choose the web server / web front you’re using (Apache, Nginx, HAProxy) + whether you want to support only modern, intermediate, or old versions of browsers and a proper configuration will be generated. <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key SSLCACertificateFile /path/to/all_ca_certs # modern configuration, tweak to your needs SSLProtocol […]