Now, to be fair, I’m pretty green when it comes to webhosting etc but it seems like a pretty neat thing and I’d like to shore up my owncloud installation with ssl. It strikes me that the recent work to bring cron in to the whiptail menu will also be helpful in setting up a certificate renewal routine (they’re 90 day certs)?
This looks awesome. I must admit clicking “proceed to website anyway” when using an un-certified RPi webserver is annoying.
I’ll look into this and see if its something we can add to DietPi.
I’ll get the cron menu in dietpi-config for v102.
I may have to wait until I start work on v103 before looking into the above request (got a long list to go through). Will keep you updated.
I’d had my eye on the Let’s Encrypt project for most of the last year, but I must admit I’d not noticed the last few blog posts and didn’t realise that they’d been running the closed beta program for three months.
I’m really looking forward to being able to get easy to set up, free SSL certificates for self-hosted sites and their ideas around a apt-gettable software solution for this seem to be right up my alley.
Don’t get me wrong, it isn’t all that difficult to configure SSL certificates in a web-server’s .conf files, but it would be nice to be able to do it the DietPi way!
I registered http://rich-t.pw really cheaply on https://www.namecheap.com/ a year ago, after all the new domains came along. I then got a bunch of free SSL certificates from https://www.startssl.com/ for the top-level and various sub-domains (no free wild-card service) and managed to get them installed with quite a shallow learning curve.
However, the registration and log-in service for StartSSL relies on your installing their certificate into your web browser and thus it becomes only way to log into your control panel for the service. As soon as I had to do a re-install of my system, I was effectively locked out of my account. Despite several attempts to fix this, following the directions provided, and despite having contacted them directly about this, I received no reply and had no luck in signing back into my account.
In the end, I gave up and have allowed the certificates to expire. I guess that this is what comes of using a free entry-level service to push the paid services…
…Anyway, the point is that Let’s Encrypt will be the service that us Raspberry Pi tinkerers and DietPi users are going to be utilising when we mess around with setting up various secure web services, so its a +1 from me.
I’ll try to put some time aside to look into this on my own, but If there’s anything I can do to help out, please let me know.
Sounds like you’re a couple of steps ahead of me on the learning curve Rich, I tried to start out with some of those free certs but just got totally stumped with them.
It’d be great if I could ‘follow along’ with you getting involved in this, I’m more than happy to test stuff out and I’m moderately good at troubleshooting (at least at working out where the problem might be!)
That said Fourdee is the don at this stuff so odds on it will just appear in dietpi and work!
It isn’t too difficult once you get your head around it, but you definitely need to follow a decent guide and do some experimentation. Keeping notes is also a must!
https://calomel.org/ contains some really useful security information and guides; I can’t recommend it enough:
Thanks for the insight and information, really appreciate it. I’ve just checked the status of https://letsencrypt.org. Public beta should be starting tomorrow.
