Let’s use letsencrypt

Few folks told me that while they try to access my website vinaybabu.in they get nasty message from browsers that its unsafe to browse through my website. That’s because I was using self-signed certificate to encrypt the internet traffic. I didn’t want to go with CA vendors who charge more than the cost of my #raspberrypi.

After googling got to know about letsencrypt which provides free trusted SSL certificates. I would like to thank below tech blog / link from techmint for installing letsencrypt on my pi. Only catch is that we need to renew certificate within 90 days.

letsencrypt-logo-horizontal

http://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/

To automate renewal of letencrypt (certbot) certificate we can use below script taken from the link https://www.upcloud.com/support/install-lets-encrypt-apache/

 #!/bin/sh
if ! /usr/local/letsencrypt/letsencrypt-auto certonly -tvv --keep --webroot -w <web root folder> -d vinaybabu.in > /var/log/letsencrypt/renew.log 2>&1 ; then
   echo Automated renewal failed:
   cat /var/log/letsencrypt/renew.log
   exit 1
fi
apachectl graceful

Note: Do change the <web root folder> with actual path

Save the above script in /root folder. I’ve saved this script as auto_renew.sh

Finally, create a new crontab entry as under to run the script every 80 days. Threshold to renew Letsencrypt (certbot) certificate is 30 days.

#crontab -e <run as root>

0 0 */80 * * /root/auto_renew.sh

To check crontab entries use below command

#crontab -l <run as root>

That’s it! folks can access my website from any type of device or browser without any issues. I’ve got free trusted certificate and enabled secure and encrypted traffic while accessing my website.

2016-09-24-19_36_59-welcome-to-vinays-website

Thanks much @letsencrypt and @tecmint.

Disclaimers:

Image’s courtesy: letsencrypt.org

Advertisements

2 thoughts on “Let’s use letsencrypt

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s