Security
How to install Certbot
Certbot issues free, trusted SSL certificates from Let's Encrypt and renews them before they expire. Here is how to install it on Ubuntu, issue your first certificate, and keep it renewing on its own.
How to renew SSL certificates automatically
Let's Encrypt certificates last 90 days, so renewal has to be automatic. Here is how to set up Certbot to renew every certificate and reload Nginx on its own.
How to generate a CSR with OpenSSL
A CSR (Certificate Signing Request) is the file you send to a certificate authority to request an SSL certificate. Here is how to generate one, and its private key, with openssl.
What is an SSH key
An SSH key is a pair of cryptographic keys used to log in to servers and services without a password. The public key lives on the server, the private key stays on your machine, and only the two together grant access.
How to generate a self-signed certificate with OpenSSL
A self-signed certificate lets you serve HTTPS for local development or internal services without going through a certificate authority. Here is how to create one with openssl.
Convert SSL certificate formats with OpenSSL
Certificates come in PEM, CRT, CER, DER, and PFX formats, and software is picky about which one it wants. Here are the openssl commands to convert between all of them.
How to generate an SSH key
Here is how to generate an SSH key pair on Linux, macOS, or Windows and add the public key to a server, GitHub, or GitLab.
How to check SSL certificate expiration
Here is how to check when an SSL certificate expires, both for a live website and for a certificate file on disk, using openssl from the command line.
How to change the SSH port on Ubuntu
Moving SSH off the default port 22 cuts down on automated brute-force noise in your logs. Here is how to do it safely on Ubuntu, including the socket-activation change that catches people out on 24.04, without locking yourself out.
How to configure rate limiting in nginx
Rate limiting protects login pages, APIs, and expensive endpoints from abuse and brute-force attacks. nginx does this with the built-in limit_req module. Here is how to configure it.
What is an SSL certificate chain
An SSL certificate chain links your website's certificate back to a trusted root certificate. When a link in that chain is missing, browsers and command line tools reject the connection even though the certificate itself is perfectly valid.
How to setup OpenClaw securely on your own VPS
OpenClaw is a powerful open-source AI assistant that runs on your own infrastructure. Learn how to deploy it securely on a VPS to avoid common security pitfalls.
How to get A+ grade SSL using Cloudflare
By default Cloudflare configures your security for SSL and HTTPS traffic for maximum connectivity and not for best security. Connectivity and security are unexchangeable, by letting more old insecure clients connect, you lower the bar for all clients that connect to your website.
How to optimize web application security
There are a lot of features you can use to increase overall security of your website or web app.
How to extract the certificate from a PFX file
Sometimes you receive a PFX file, which is a file that bundles both certificate and private key of a SSL certificate. Here's how to extract the certificate.
How to extract private key from PFX file
Sometimes you receive a PFX file, which is a file that bundles both certificate and private key of a SSL certificate. Here's how to extract the private key.