Free certificates? Let’s encrypt!

How to use Let’s encrypt

First of all, ensure your system is accessible from the Internet. For instance, your.domain is publicly accessible at X.X.X.X, so configure your DNS or, if you do not have a DNS provider, register your host at coddns

You need to install the certbot utility from Let’s Encrypt

# Centos, Fedora
# Enable epel repositories
dnf install epel-release

# Install certbot
dnf install certbot


# Debian, Ubuntu
apt-get update && apt-get install certbot

After installing the certbot utility, you can execute the following command to get your Let’s Encrypt certificate for your.domain

If you already have a service listening on port 80, this command will fail. Stop your TCP:80 services before using this command, or alternatively, run certbot interactively.

# To generate certificates only and place them
# in /etc/letsencrypt/live/your.domain/ Run:
certbot certonly --standalone -d your.domain

This command will generate the following output:

# certbot certonly --standalone -d coddns.org
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator standalone, Installer None
 Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
 Obtaining a new certificate
 Performing the following challenges:
 http-01 challenge for your.domain
 Waiting for verification…
 Cleaning up challenges
 IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/your.domain/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/your.domain/privkey.pem
 Your cert will expire on 2020-04-20. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew all of your certificates, run
 "certbot renew"
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le 

What am I seeing? At a lower level, the Let’s Encrypt validation server connects to our host on port 80 (the http-01 challenge shown above) and requests a file whose name and content were randomly generated for this request. If the connection succeeds and the content of the file matches the value Let’s Encrypt expects, the host is validated and the certificate is issued.
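What the CA actually compares in that http-01 check, as an added example that is not part of the original post: per RFC 8555 the certbot side serves token.thumbprint at /.well-known/acme-challenge/<token>, and the CA fetches that path over port 80 and compares the body with the value it computes itself from the account key. The account JWK below is a constructed placeholder, not a real key, and the "server" is a dict standing in for certbot's standalone listener.

```python
import base64
import hashlib
import json
import secrets

# Constructed placeholder account key (RFC 7517 JWK); the modulus is not a real RSA key.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "c29tZS1jb25zdHJ1Y3RlZC1tb2R1bHVzLWJ5dGVz"}


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, keys sorted, no whitespace, SHA-256."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def new_token() -> str:
    """Challenge token the CA hands out: random, at least 128 bits of entropy."""
    return b64url(secrets.token_bytes(32))


def challenge_path(token: str) -> str:
    return f"/.well-known/acme-challenge/{token}"


def key_authorization(token: str, jwk: dict) -> str:
    """What certbot publishes: only the holder of the account key can produce it."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def ca_validates(fetched_body: str, token: str, account_jwk: dict) -> bool:
    """CA side: body fetched over port 80 must equal the expected key authorization.
    Trailing whitespace after the body is ignored (RFC 8555 section 8.3)."""
    return fetched_body.rstrip() == key_authorization(token, account_jwk)


def simulate_http01(token: str, client_jwk: dict, ca_view_of_account: dict) -> bool:
    """Both sides of the exchange; the dict stands in for certbot's standalone listener."""
    served = {challenge_path(token): key_authorization(token, client_jwk)}  # client publishes
    fetched = served.get(challenge_path(token), "")                          # CA requests path
    return ca_validates(fetched, token, ca_view_of_account)


if __name__ == "__main__":
    tok = new_token()
    print("challenge path:", challenge_path(tok))
    print("validated:", simulate_http01(tok, ACCOUNT_JWK, ACCOUNT_JWK))
```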

So, now you can use your new, valid certificate to secure your favorite service, for instance Postfix.

Having your services protected by a valid certificate has never been so easy.