Potential useful addition..

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
rothchild
Posts: 79
Joined: Sat Jun 27, 2015 10:39 am

Potential useful addition..

Post by rothchild »

https://letsencrypt.org/

Will be moving to public beta this week and will be issuing free ssl certificates.

They have an app to access and manage certs with:

https://github.com/letsencrypt/letsencrypt

Now, to be fair, I'm pretty green when it comes to webhosting etc but it seems like a pretty neat thing and I'd like to shore up my owncloud installation with ssl. It strikes me that the recent work to bring cron in to the whiptail menu will also be helpful in setting up a certificate renewal routine (they're 90 day certs)?
User avatar
Fourdee
Site Admin
Posts: 2782
Joined: Tue Feb 06, 2007 1:36 pm

Re: Potential useful addition..

Post by Fourdee »

rothchild wrote:https://letsencrypt.org/

Will be moving to public beta this week and will be issuing free ssl certificates.

They have an app to access and manage certs with:

https://github.com/letsencrypt/letsencrypt

Now, to be fair, I'm pretty green when it comes to webhosting etc but it seems like a pretty neat thing and I'd like to shore up my owncloud installation with ssl. It strikes me that the recent work to bring cron in to the whiptail menu will also be helpful in setting up a certificate renewal routine (they're 90 day certs)?
Hi Rothchild,

Thanks for the info.

This looks awesome. I must admit clicking "proceed to website anyway" when using an un-certified RPi webserver is annoying.
I'll look into this and see if its something we can add to DietPi.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
User avatar
Fourdee
Site Admin
Posts: 2782
Joined: Tue Feb 06, 2007 1:36 pm

Re: Potential useful addition..

Post by Fourdee »

Git Ticket: https://github.com/Fourdee/DietPi/issues/128

I'll get the cron menu in dietpi-config for v102.
I may have to wait until I start work on v103 before looking into the above request (got a long list to go through). Will keep you updated.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Rich.T.
Posts: 14
Joined: Mon Nov 16, 2015 3:02 am

Definitely a useful addition..

Post by Rich.T. »

I'd had my eye on the Let's Encrypt project for most of the last year, but I must admit I'd not noticed the last few blog posts and didn't realise that they'd been running the closed beta program for three months. :oops:

I'm really looking forward to being able to get easy to set up, free SSL certificates for self-hosted sites and their ideas around a apt-gettable software solution for this seem to be right up my alley.

Don't get me wrong, it isn't all that difficult to configure SSL certificates in a web-server's .conf files, but it would be nice to be able to do it the DietPi way!

I registered http://rich-t.pw really cheaply on https://www.namecheap.com/ a year ago, after all the new domains came along. I then got a bunch of free SSL certificates from https://www.startssl.com/ for the top-level and various sub-domains (no free wild-card service) and managed to get them installed with quite a shallow learning curve.

However, the registration and log-in service for StartSSL relies on your installing their certificate into your web browser and thus it becomes only way to log into your control panel for the service. As soon as I had to do a re-install of my system, I was effectively locked out of my account. Despite several attempts to fix this, following the directions provided, and despite having contacted them directly about this, I received no reply and had no luck in signing back into my account.

In the end, I gave up and have allowed the certificates to expire. I guess that this is what comes of using a free entry-level service to push the paid services...

...Anyway, the point is that Let's Encrypt will be the service that us Raspberry Pi tinkerers and DietPi users are going to be utilising when we mess around with setting up various secure web services, so its a +1 from me. :)

I'll try to put some time aside to look into this on my own, but If there's anything I can do to help out, please let me know.

Thanks,
Rich
rothchild
Posts: 79
Joined: Sat Jun 27, 2015 10:39 am

Re: Potential useful addition..

Post by rothchild »

Sounds like you're a couple of steps ahead of me on the learning curve Rich, I tried to start out with some of those free certs but just got totally stumped with them.

It'd be great if I could 'follow along' with you getting involved in this, I'm more than happy to test stuff out and I'm moderately good at troubleshooting (at least at working out where the problem might be!)

That said Fourdee is the don at this stuff so odds on it will just appear in dietpi and work! ;)
Rich.T.
Posts: 14
Joined: Mon Nov 16, 2015 3:02 am

Re: Potential useful addition..

Post by Rich.T. »

rothchild wrote:Sounds like you're a couple of steps ahead of me on the learning curve Rich, I tried to start out with some of those free certs but just got totally stumped with them.

It'd be great if I could 'follow along' with you getting involved in this, I'm more than happy to test stuff out and I'm moderately good at troubleshooting (at least at working out where the problem might be!)

That said Fourdee is the don at this stuff so odds on it will just appear in dietpi and work! ;)
It isn't too difficult once you get your head around it, but you definitely need to follow a decent guide and do some experimentation. Keeping notes is also a must!

https://calomel.org/ contains some really useful security information and guides; I can't recommend it enough:

https://calomel.org/ssl_certs.html
https://calomel.org/nginx.html
https://calomel.org/apache_server.html

Rich.
User avatar
Fourdee
Site Admin
Posts: 2782
Joined: Tue Feb 06, 2007 1:36 pm

Re: Definitely a useful addition..

Post by Fourdee »

Rich.T. wrote: Don't get me wrong, it isn't all that difficult to configure SSL certificates in a web-server's .conf files, but it would be nice to be able to do it the DietPi way!

the point is that Let's Encrypt will be the service that us Raspberry Pi tinkerers and DietPi users are going to be utilising when we mess around with setting up various secure web services, so its a +1 from me. :)

I'll try to put some time aside to look into this on my own, but If there's anything I can do to help out, please let me know.

Thanks,
Rich
Hi Rich,

Thanks for the insight and information, really appreciate it. I've just checked the status of https://letsencrypt.org. Public beta should be starting tomorrow.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Post Reply