Have you ever needed to test something with a web server that you stand up quickly, but don’t have an SSL cert for it, and don’t have access to a wildcard cert for the domain? Check out http://www.letsencrypt.org and be prepared to quickly and easily get an SSL cert. 

On a RaspberryPi system you start by installing certbot  via “sudo apt-get install python-certbot-apache” and then I ran in to some trouble trying to just use certbot’s automagic apache mechanism so I did this;

  1. Enable SSL on Apache with “sudo a2enmod ssl”
  2. Stop Apache with “sudo /etc/init.d/apache2 stop”
  3. “sudo certbot certonly –standalone” to go through the process. It will launch a process that the certificate authority will connect to on TCP 80 to verify you control the DNS name you are trying to make a cert for so that name should resolve to this server.
  4. Edit /etc/apache2/sites-enabled/default-ssl.conf to point to your SSL certs. These 3 settings must be changed and make sure the path matches where your files are stored;
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

Now you need to start Apache back up with “sudo /etc/init.d/apache2 start” and hopefully it should load. I don’t believe any steps are missing here, but please do let me know in the comments if you tried this and were totally stuck. Remember you’ll have to renew your certs each year, but certbot has a renew function as well. Super simple. 

Advertisements