One thing that I found cool while in training is how SSL certificates can be had for free with a service called Let's Encrypt. Paid certs are still around $75 a year, which is not bad at all, but for those of us who don’t have the funds to spend or don’t have secure content, the free SSL is a great way to go. The certificates need to be renewed every 6 months, but it is still the way to go when saving customers money with their web hosting packages. Some customers would rather use paid SSL services when they have some major secure connection; this may not be worth it. It is up to the customer.
The links below take you to the content for an awesome project
Below is from the certbot documentation on installing this upon different platforms:
If you run Debian Stretch or Debian Sid, you can install certbot packages.
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
If you don’t want to use the Apache plugin, you can omit the
Packages exist for Debian Jessie via backports. First you’ll have to follow the instructions at http://backports.debian.org/Instructions/ to enable the Jessie backports repo, if you have not already done so. Then run:
sudo apt-get install certbot python-certbot-apache -t jessie-backports
sudo dnf install certbot python2-certbot-apache
cd /usr/ports/security/py-certbot && make install clean
pkg install py27-certbot
The official Certbot client is available in Gentoo Portage. If you want to use the Apache plugin, it has to be installed separately:
emerge -av app-crypt/certbot
emerge -av app-crypt/certbot-apache
When using the Apache plugin, you will run into a “cannot find a cert or key directive” error if you’re sporting the default Gentoo httpd.conf. You can fix this by commenting out two lines in /etc/apache2/httpd.conf as follows:
LoadModule ssl_module modules/mod_ssl.so
LoadModule ssl_module modules/mod_ssl.so
For the time being, this is the only way for the Apache plugin to recognise the appropriate directives when installing the certificate. Note: this change is not required for the other plugins.
- Build from source:
cd /usr/pkgsrc/security/py-certbot && make install clean
- Install pre-compiled package:
cd /usr/ports/security/letsencrypt/client && make install clean
Other Operating Systems
OS packaging is an ongoing effort. If you’d like to package Certbot for your distribution of choice please have a look at the Packaging Guide.
The following examples are from a Debian 8 server that I have. Make sure that you have port 443 open and accessible.
root@timknowsstuff-vm:~# sudo apt-get install python-certbot-apache -t jessie-backports
root@timknowsstuff-vm:~# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run: service apache2 restart
root@timknowsstuff-vm:~# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
service apache2 reload
root@timknowsstuff-vm:~# systemctl restart apache2
root@timknowsstuff-vm:~# netstat -paunt | grep apache2
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 31195/apache2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31195/apache2
root@timknowsstuff-vm:~# certbot --apache
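The netstat check in the session above can be scripted as a pre-flight test. This is an added example, not part of the original post or the certbot project; the function name `missing_listeners`, the sample lines and the `otherd` process name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# "port 443 open and accessible" requirement before running certbot --apache.
# Reads `netstat -paunt`-style lines on stdin.

# missing_listeners PROC PORT...
# Prints every PORT on which PROC has no TCP listener bound to a
# non-loopback address (a 127.0.0.1-only listener is not reachable from outside).
missing_listeners() {
    proc=$1; shift
    input=$(cat)
    for port in "$@"; do
        printf '%s\n' "$input" | awk -v port="$port" -v proc="$proc" '
            $1 ~ /^tcp/ && $6 == "LISTEN" {
                n = split($4, a, ":")          # local address: 0.0.0.0:443, :::443
                lport = a[n]
                addr = substr($4, 1, length($4) - length(lport) - 1)
                split($7, p, "/")              # PID/program name column
                if (lport == port && p[2] == proc &&
                    addr !~ /^127\./ && addr != "::1") found = 1
            }
            END { exit !found }' || printf '%s\n' "$port"
    done
}

# Constructed sample: the two listener lines shown in the session above.
sample_ok() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 31195/apache2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31195/apache2
EOF
}

# Constructed sample: 443 bound to loopback only, plus an unrelated process.
sample_loopback() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:443 0.0.0.0:* LISTEN 31195/apache2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31195/apache2
tcp6 0 0 :::443 :::* LISTEN 2200/otherd
EOF
}

# On a live host: netstat -paunt | missing_listeners apache2 80 443
echo "sample_ok missing: $(sample_ok | missing_listeners apache2 80 443 | tr '\n' ' ')"
echo "sample_loopback missing: $(sample_loopback | missing_listeners apache2 80 443 | tr '\n' ' ')"
```

An empty result means Apache is listening on every required port on a non-loopback address; a firewall in front of the host still has to be checked separately.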
Below shows the options within the certbot application:
root@timknowsstuff-vm:~# certbot ?
certbot [SUBCOMMAND] [options] [-d domain] [-d domain] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
cert. Major SUBCOMMANDS are:
  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  register             Perform tasks related to registering with the CA
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins