Free Certificates Through letsencrypt.org

One thing that I found cool while in training is how SSL certificates could be going free with a service called letsencrypt. The paid certs are still around $75 a year which is not bad at all, but for us that don’t have the funds to spend or don’t have secure content the free SSL is a great way to go. The certificates need to be renewed every 6 months but it is still the way to go when saving customers money with their web hosting packages. Some customers would rather use paid SSL services when they have some major secure connection, this may not be worth it. it is up to the customer.

 

The links below take you to the content for an awesome project

 

https://letsencrypt.org/getting-started/

https://certbot.eff.org/

 

—===—===—===—

—===—===—===—

 

Below is from the certbot documentation on installing this upon different platforms:

 

Operating System Packages

Arch Linux

sudo pacman -S certbot

Debian

If you run Debian Stretch or Debian Sid, you can install certbot packages.

sudo apt-get update
sudo apt-get install certbot python-certbot-apache

If you don’t want to use the Apache plugin, you can omit the python-certbot-apache package.

Packages exist for Debian Jessie via backports. First you’ll have to follow the instructions at http://backports.debian.org/Instructions/ to enable the Jessie backports repo, if you have not already done so. Then run:

sudo apt-get install certbot python-certbot-apache -t jessie-backports

Fedora

sudo dnf install certbot python2-certbot-apache

FreeBSD

  • Port: cd /usr/ports/security/py-certbot && make install clean
  • Package: pkg install py27-certbot

Gentoo

The official Certbot client is available in Gentoo Portage. If you want to use the Apache plugin, it has to be installed separately:

emerge -av app-crypt/certbot
emerge -av app-crypt/certbot-apache

When using the Apache plugin, you will run into a “cannot find a cert or key directive” error if you’re sporting the default Gentoo httpd.conf. You can fix this by commenting out two lines in /etc/apache2/httpd.conf as follows:

Change

<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>

to

#<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
#</IfDefine>

For the time being, this is the only way for the Apache plugin to recognise the appropriate directives when installing the certificate. Note: this change is not required for the other plugins.

NetBSD

  • Build from source: cd /usr/pkgsrc/security/py-certbot && make install clean
  • Install pre-compiled package: pkg_add py27-certbot

OpenBSD

  • Port: cd /usr/ports/security/letsencrypt/client && make install clean
  • Package: pkg_add letsencrypt

Other Operating Systems

OS packaging is an ongoing effort. If you’d like to package Certbot for your distribution of choice please have a look at the Packaging Guide.

 

—===—===—===—

—===—===—===—

 

The following example are for a Debian 8 server that I have. Make sure that you have port 443 open and accessible.

 

root@timknowsstuff-vm:~# sudo apt-get install python-certbot-apache -t jessie-backports

root@timknowsstuff-vm:~# a2enmod ssl 
Considering dependency setenvif for ssl: 
Module setenvif already enabled 
Considering dependency mime for ssl: 
Module mime already enabled 
Considering dependency socache_shmcb for ssl: 
Enabling module socache_shmcb. 
Enabling module ssl. 
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates. 
To activate the new configuration, you need to run: service apache2 restart
root@timknowsstuff-vm:~# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
root@timknowsstuff-vm:~# systemctl restart apache2
root@timknowsstuff-vm:~# netstat -paunt | grep apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      31195/apache2   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      31195/apache2   

root@timknowsstuff-vm:~# certbot --apache

---===---===---===---
---===---===---===---

Below shows the options within the certbot application:


root@timknowsstuff-vm:~# certbot ?
usage: 
  certbot [SUBCOMMAND] [options] [-d domain] [-d domain] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  register             Perform tasks related to registering with the CA
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>