Let's encrypt

bootstrap Member

Hey Guys,

Should we need any control panel like cPanel to work with Let's Encrypt SSL? I have a site hosted on a CentOS server with no control panel on it and the Apache web server. The site is working well, but I can't afford a paid SSL now, so I'm looking for cost-effective possibilities.

any experienced ones with no control panel servers+ Lets

Ty

Comments

  • mrclown Member

    You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    signature for rent - ^_^

  • andiklive Member

    I use certbot and it makes it easier to install LE. Here:

    https://github.com/certbot/certbot

  • tomle Member

    RIPE LIR: Contact me for ASN registrations/IPv6. No IPv4 space left.

  • If you're just looking for a simple (web) front end to handle Let's Encrypt generation, take a look at https://zerossl.com/ which is essentially a (supposedly safe/secure) "wrapper" around the LE SSL generation process.

    If you're comfortable with shell/cli (etc.) then take a look at dehydrated which along with hooks like lexicon will allow you to reasonably simply/quickly get a LE SSL cert (including wildcard).

    All of the above are open source/freeware and are pretty popular/tested/trusted.

  • raindog308 Moderator
    edited May 14

    bootstrap said: Should we need any control panel like cPanel to work with Let's Encrypt SSL

    No. We should not. And do not.

    andiklive said: I use certbot and it makes it easier to install LE.

    This. There are other options but this is what I use.


  • Master_Bo Member

    certbot, as well, detailed instructions on its site.

    Monitor your network assets with IPHost (PM me for discount code)
  • Vita Member
    edited May 14

    For larger ordering and renewal of certificates ( > 500 ) I would advise you to use certbot as it's more stable than say acmetool. All in all better start with certbot even if you have one or a few domains and try to avoid acmetool.

  • salakis Member

    @mrclown said: You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    If you can live with the de facto MITM by CloudFlare... Also, expect a lot of garbage domains in the shared SSL. I mean, most people won't see it, but it's quite ugly once you discover it.

    If you want something super simple, just set up a reverse proxy with Caddy or switch entirely to Caddy.

  • joepie91 Member, Provider

    @mrclown said: You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    That is absolutely not equivalent to using Let's Encrypt, and not a good alternative at all.

    When you use Let's Encrypt, you keep control over your own traffic, LE just provides the certificate for your server to use and the traffic gets decrypted by your server itself. Nobody can read the traffic between your server and your users.

    When you use Cloudflare, they decrypt your traffic and then pass it on to your server. This means that Cloudflare can always read all traffic between your server and your users (and if you don't set up TLS to the origin server, any provider in between Cloudflare and your server can too).

    Handling your own TLS is the only way to handle TLS securely. For that, you want Let's Encrypt or some other CA.

  • ehab Member

    @joepie91 said: any provider in between Cloudflare and your server can too.

    Do you mean the hoster where the files are hosted? Or some other unknown party between the hoster and Cloudflare?

    wake up and realize reality. feel any bitter.

  • joepie91 Member, Provider
    edited May 14

    @ehab said:

    @joepie91 said: any provider in between Cloudflare and your server can too.

    Do you mean the hoster where the files are hosted? Or some other unknown party between the hoster and Cloudflare?

    Unknown parties between the hoster and Cloudflare (if you're not using TLS to the origin). If you are using TLS to the origin, then it's just Cloudflare who can read all your traffic - although I'm not sure that that's any better.

  • emptyPD Member

    You can use Vestacp (http://vestacp.com/). It's easy to install, works with boxes from 512MB RAM, supports Let's Encrypt, and automatically renews the certificates; you just need to activate the Let's Encrypt SSL in your site and forget.

    Just don't forget to harden your installation (change ssh port, hide phpmyadmin, disable vesta API, etc).

  • willie Member, Moderator

    I've been making csr's with command line openssl and using dehydrated -s to get certificates from the csr's. It works fine and is easily scriptable. I think of submitting a patch to the dehydrated author to include a minimal web server in dehydrated so it automates everything, but I wasn't able to find his email address so meh. So I use "python -m SimpleHTTPServer" for dehydrated purposes instead of messing with something like apache.

  • Ympker Member
    edited May 14

    I've been using this sometimes :) Very easy and not much setup to do on the VPS: https://www.sslforfree.com

    It issues LE certs and you can verify the domain through FTP login, File upload or DNS :P

  • willie Member, Moderator

    Also Porkbun has automatic letsencrypt certs. I think it is done by a MITM method since I don't see any other way. But it could be better than nothing depending on what you're doing.

  • angstrom Member

    @emptyPD said: You can use Vestacp (http://vestacp.com/)

    So it's safe to use VestaCP now?

    "[T]he number of UNIX installations has grown to 16, with more expected." (K. Thompson & D. M. Ritchie, UNIX Programmer's Manual, 3ed, 1973)

  • teamacc Moderator

    @willie said: Also Porkbun has automatic letsencrypt certs. I think it is done by a MITM method since I don't see any other way. But it could be better than nothing depending on what you're doing.

    Could be non-MITM cause letsencrypt supports DNS-based authorization iirc.

    Yo mama so fat each of her butt-cheeks has its own /8.

  • willie Member, Moderator
    edited May 14

    teamacc said: Could be non-MITM cause letsencrypt supports DNS-based authorization iirc.

    Doesn't there still have to be a CSR, generated by something in possession of the private key? All I meant by MITM is that they do that for you. I don't mean they intercept your web server traffic like Cloudflare.
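The CSR workflow willie describes in this thread (openssl on the command line, then `dehydrated -s`), as an added example that is not part of any post: the private key and CSR are created on your own server, and only the CSR is handed to the ACME client. `example.com`, the file names and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example; example.com and all file names are placeholders.

# make_csr DIR DOMAIN [ALT...]: create a private key and a CSR on this host.
# The key file is created unreadable to other users and never leaves the box.
make_csr() {
    dir=$1; shift
    cn=$1
    san=""
    for d in "$@"; do san="${san:+$san,}DNS:$d"; done
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/$cn.key" 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$cn.key" -subj "/CN=$cn" \
        -addext "subjectAltName=$san" -out "$dir/$cn.csr"
}

# csr_names CSR: print the DNS names the CSR asks for, one per line, sorted.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^, ]*' | sed 's/^DNS://' | sort
}

# csr_matches_key CSR KEY: succeed only if the CSR's self-signature verifies
# and the public key inside it is the one derived from KEY.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# sign_csr CSR OUT: pass only the CSR to dehydrated, which prints the signed
# certificate on stdout. Needs network access, a registered ACME account and
# WELLKNOWN in dehydrated's config pointing at a directory served over HTTP
# as /.well-known/acme-challenge/ (defined here, not called).
sign_csr() {
    dehydrated --signcsr "$1" > "$2"
}
```

Checking `csr_names` and `csr_matches_key` before calling `sign_csr` catches a CSR built from the wrong key or missing a hostname before any request reaches the CA.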

  • emptyPD Member

    @angstrom said:

    @emptyPD said: You can use Vestacp (http://vestacp.com/)

    So it's safe to use VestaCP now?

    Yes, it's safe, I use it on a lot of servers. On the last "exploit" I only got one server hacked and it was a fresh installation; the others didn't have any problems. That's why I say to harden your installation.

    Regards!

  • sureiam Member

    I hate to be that guy you probably shouldn't run your own server if you can't even do the most basic googling..

    Literally typing in centos (version) and let's encrypt will result in tons of full tutorials on the topic.

    I'm normally all for helping out new guys but you gotta try at least a little before asking for help..

  • r00t4bl3 Member

    sureiam said: I hate to be that guy you probably shouldn't run your own server if you can't even do the most basic googling..

    +1 for this.

    Google search
