[personal profile] chebe
Say you have a simple blog and are hosting the images yourself. You want to get an SSL cert, but the only options provided by your hosting provider are expensive and aimed at much larger sites/usage. You've heard about Let's Encrypt, but your hosting provider doesn't provide it on your package (e.g. shared hosting). They do, however, provide a way for you to install SSL certs yourself.

SSL certs, the DIY way.

First, you will need a Linux machine, and a way to get files onto your website (FTP or otherwise). We will be doing this manually, so we'll need to create a file at the following location (you'll be given specifics later).
/webspace/httpdocs/$site/.well-known/acme-challenge/$file is equivalent to http://$site/.well-known/acme-challenge/$file

Install certbot. I'm on Fedora so;
sudo dnf install certbot python2-certbot-apache

Run it manually;
sudo certbot certonly --manual --preferred-challenges http

You'll get a warning that your IP will be publicly logged. If this bothers you, perhaps wait to run this until you have access to public internet, like a cafe, hackerspace, or even on holidays.
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y


After uploading the $file it's a good idea to view it in your browser to make sure it's working.
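The browser check above can also be scripted. This is an added example, not part of the original post: the function names are hypothetical, and the site, token and key-authorization values are whatever certbot printed for your request (`example.org` in the usage comment is a placeholder).

```shell
#!/bin/sh
# Added example: pre-flight check for a manual HTTP-01 challenge file.
# Function names are hypothetical; nothing here comes from certbot itself.

# ACME tokens are base64url. Reject anything else so the token is safe
# to use as a file name under .well-known/acme-challenge/.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# URL the CA will fetch (plain HTTP on port 80). Args: site, token.
challenge_url() {
    valid_token "$2" || return 1
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Compare the served body with the string certbot asked for.
# One trailing LF and/or CR is tolerated; anything else (an HTML
# error page, extra text added by the host) fails. Args: expected, actual.
body_matches() {
    nl='
'
    cr=$(printf '\r')
    actual=${2%"$nl"}
    actual=${actual%"$cr"}
    [ "$actual" = "$1" ]
}

# Live check; needs curl and network access.
# Args: site, token, expected file content.
check_live() {
    url=$(challenge_url "$1" "$2") || { echo "bad token" >&2; return 2; }
    body=$(curl -fsS --max-time 10 "$url") || { echo "fetch failed: $url" >&2; return 3; }
    body_matches "$3" "$body" || { echo "content mismatch at $url" >&2; return 4; }
    echo "OK: $url"
}

# Usage, with the values certbot printed:
#   check_live example.org "$TOKEN" "$CONTENT"
```

Run `check_live` before pressing Enter in certbot, so a wrong path or mangled upload is caught before the CA tries to validate.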

At the end you'll (hopefully) get a success message that tells you when the cert will expire, and where the files are on your system, e.g. /etc/letsencrypt/live/$site/fullchain.pem.

With the cert generated now you'll need to manually install it. You'll need /etc/letsencrypt/live/$site/fullchain.pem and /etc/letsencrypt/live/$site/privkey.pem.

Log in through your hosting provider's control panel. Hopefully they'll have instructions. Basically, copy the contents of fullchain.pem and privkey.pem into the respective copy-paste fields. Save, wait a few minutes, and that's it. Your site has SSL.

At this point I copied all my images over to httpsdoc, and updated the links in my blog (for the last year, and the header image in Customize Style). Now if you visit my blog directly you shouldn't get any worrying warnings.