Secure Rise with Let's Encrypt


  • administrator

    Secure Rise with Let’s Encrypt


    Introduction


    Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, certbot, that attempts to automate most (if not all) of the required steps.

    In this tutorial, I will show you how to use the free-ssl script to obtain and renew a free SSL certificate and use it with Rise on Ubuntu 16.04.

    Prerequisites


    To complete this tutorial, you will need:

    • To have a working Rise instance
    • Your own domain. Your domain will look something like this –> subdomain.domain.tk
    • An A Record that points your domain to the public IP address of your server
    • To know your network interface
      • Run ifconfig and write it down (normally it is eth0, eth1, eth2, ens1, ens2, ens3…)

    Installation


    First of all you’ll need to clone the GitHub repository to your server:

    cd ~
    
    git clone https://github.com/nytrobound/free-ssl.git
    
    cd free-ssl
    

    To generate and install the trusted SSL certificate, run:

    bash installssl.sh
    

    The script will guide you through the installation process.

    Renewal


    renewssl.sh checks the expiring date of your certificate and renew it, if the expiration date is less than 30 days. However, you will need to add a cronjob with crontab -e to automatically execute the script.

    Make sure to replace $SSLUSER with the username you ran the script on!

    Example:* 12 * * WED bash /home/$SSLUSER/free-ssl/start_renew.sh >> /home/$SSLUSER/free-ssl/logs/cron.log
    

    This cronjob checks and renews your SSL certificate every Wednesday at 12pm.

    You can also use Crontab Generator to generate a custom cronjob.

    By Nytrobound, licensed under CC BY-NC-SA 4.0


Log in to reply
 

Looks like your connection to     Rise Community Forum was lost, please wait while we try to reconnect.