Installing SSL Certificates for HTTPS
Elsewhere [ edit ]
Since around 2010 when the first FireSheep web browser plugin made it easy for anyone to see unencrypted usernames and passwords being used over WiFI network, there has been increasing concern for more ubiquitous web encryption.
Until recently the art and practice of preparing and deploying SSL Certificates to encrypt HTTPS web servers required both technical expertise and annual fees to 'trusted' security firms (e.g. Verisign) - who would in turn provide certificates considered genuine for wide web usage. The technical barriers to generating and deploying SSL Certificates have pretty much evaporated since then. The artificial tax to 'trusted' security firms to vet certificates for a fee looks to also evaporate, or at least reduce significantly, with Mozilla Foundation's new Let's Encrypt service that provides free SSL Certificates that are also considered legitimate for wide web usage.
# git clone https://github.com/letsencrypt/letsencrypt $ ./letsencrypt-auto certonly --manual -d mytake.howtolabs.net - needs to be run from a system that can receive requests to to the target domain - generates 4 files - special web accessible directory will need to be populated with one time magic file .well-known/acme-challenge # ls -lh /etc/letsencrypt/archive/mytake.howtolabs.net/ root root 1.8K cert1.pem root root 1.7K chain1.pem root root 3.5K fullchain1.pem root root 1.7K privkey1.pem
A certificate can be generated to satisfy multiple domains by providing addition -d directives.
Apparently a new toolset called certbot has been rolled out. Note, many Let's Encrypt tools depend on an API services that occosionally go offline for various reasons. The API server status can be checked here: letsencrypt.status.io