Linux · Apache: TLS & Let's Encrypt

After configuring TLS, how can you independently verify your site's HTTPS security and find weak spots?

Sign in to see the full answer — free to start on the web.

This is one card from the KnowCard library. The full way to learn it — spaced-repetition review, progress tracking, and AI explanations — lives in the KnowCard app, free to start on the web. iOS & Android are coming soon.

Get started — it’s free

Already have an account? Sign in →

More in Apache: TLS & Let's Encrypt

A site serves data over plain HTTP and browsers flag it as insecure. What does switching to HTTPS actually add, and why is a CA-issued certificate still needed on top of that?
In TLS, which key encrypts and which decrypts, and how do client and server end up sharing one session key without ever transmitting a private key?
Online banking data is transmitted perfectly tap-proof but arrives at a fraudster's server instead of the bank. Which security property did the encryption fail to provide?
When juggling TLS files, what do the extensions .key, .csr, .pem, and .crt each hold?
What single command generates a private RSA server key with openssl, and what one permission mistake makes the whole certificate worthless?
Encrypting the server key with a passphrase sounds strictly safer. Why does Apache in practice get an unencrypted copy of the key instead?