Let's encrypt

bootstrap Member

Hey Guys,

Should we need any control panel like cPanel to work with Let's Encrypt SSL? I have a site hosted on a CentOS server with no control panel on it and the Apache web server. The site is working well, but I can't afford a paid SSL now, so I'm looking for cost-effective possibilities.

any experienced ones with no control panel servers+ Lets

Ty

HOSTORBITS | Managed Hosting solutions| Shared & Reseller Hosting
Cloud VPS| KVM VPS | FREE SSL | Worldwide DC Locations | 24/7 Support

Comments

  • mrclown Member

    You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    signature for rent - ^_^

  • I use certbot and it makes it easier to install LE. Here:

    https://github.com/certbot/certbot

  • tomle Member

    RIPE LIR: Contact me for ASN registrations/IPv6. No IPv4 space left.

  • If you're just looking for a simple (web) front end to handle Let's Encrypt generation, take a look at https://zerossl.com/ which is essentially a (supposedly safe/secure) "wrapper" around the LE SSL generation process.

    If you're comfortable with shell/cli (etc.) then take a look at dehydrated which along with hooks like lexicon will allow you to reasonably simply/quickly get a LE SSL cert (including wildcard).

    All of the above are open source/freeware and are pretty popular/tested/trusted.

    Thanked by 1bootstrap
  • bap Member
  • raindog308 Administrator, Moderator
    edited May 2018

    bootstrap said: Should we need any control panel like cpanel to work with Lets encrypt ssl

    No. We should not. And do not.

    andiklive said: I use certbot and it makes it easier to install LE.

    This. There are other options but this is what I use.

    For LET support, please visit the support desk.

  • certbot, as well, detailed instructions on its site.

    Monitor your network assets with IPHost (contact me to obtain a discount code)
  • Vita Member
    edited May 2018

    For larger ordering and renewal of certificates ( > 500 ) I would advise you to use certbot as it's more stable than, say, acmetool. All in all, better start with certbot even if you have one or a few domains and try to avoid acmetool.

  • salakis Member

    @mrclown said:
    You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    If you can live with the de facto MITM by CloudFlare... Also, expect a lot of garbage domains in the shared SSL. I mean, most people won't see it, but it's quite ugly once you discover it.

    If you want something super simple, just set up a reverse proxy with Caddy or switch entirely to Caddy.

  • joepie91 Member, Provider

    @mrclown said:
    You can also use Cloudflare if you want caching + shared SSL too for simplicity.

    That is absolutely not equivalent to using Let's Encrypt, and not a good alternative at all.

    When you use Let's Encrypt, you keep control over your own traffic, LE just provides the certificate for your server to use and the traffic gets decrypted by your server itself. Nobody can read the traffic between your server and your users.

    When you use Cloudflare, they decrypt your traffic and then pass it on to your server. This means that Cloudflare can always read all traffic between your server and your users (and if you don't set up TLS to the origin server, any provider in between Cloudflare and your server can too).

    Handling your own TLS is the only way to handle TLS securely. For that, you want Let's Encrypt or some other CA.

  • ehab Member

    @joepie91 said:
    any provider in between Cloudflare and your server can too.

    Do you mean the hoster where the files are hosted? Or some other unknown party between the hoster and Cloudflare?

    • do not prepay > 1 year and check for reviews/support
    • only use monthly from a provider operating < 1 year 🍆
  • joepie91 Member, Provider
    edited May 2018

    @ehab said:

    @joepie91 said:
    any provider in between Cloudflare and your server can too.

    Do you mean the hoster where the files are hosted? Or some other unknown party between the hoster and Cloudflare?

    Unknown parties between the hoster and Cloudflare (if you're not using TLS to the origin). If you are using TLS to the origin, then it's just Cloudflare who can read all your traffic - although I'm not sure that that's any better.

    Thanked by 1ehab
  • emptyPD Member

    You can use VestaCP (http://vestacp.com/). It's easy to install, works with boxes from 512MB RAM, supports Let's Encrypt, and automatically renews the certificates; you just need to activate the Let's Encrypt SSL in your site and forget.

    Just don't forget to harden your installation (change SSH port, hide phpMyAdmin, disable Vesta API, etc.).

  • willie Member

    I've been making csr's with command line openssl and using dehydrated -s to get certificates from the csr's. It works fine and is easily scriptable. I think of submitting a patch to the dehydrated author to include a minimal web server in dehydrated so it automates everything, but I wasn't able to find his email address so meh. So I use "python -m SimpleHTTPServer" for dehydrated purposes instead of messing with something like apache.

    #lexit spread the word.
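
Added example (not part of willie's post and not code from the dehydrated project): the CSR workflow described above, with checks that the request carries the expected names and was signed by the local key before it is handed to `dehydrated -s`. The host names, file names and helper function names are placeholders chosen for this example, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example: create the key and CSR locally, verify the CSR, then pass
# only the CSR to dehydrated. The private key never leaves this machine.

make_csr() {
    # $1 = output dir, $2 = primary host name, remaining args = extra SANs
    local dir=$1 cn=$2 name; shift 2
    local san="DNS:${cn}"
    for name in "$@"; do san="${san},DNS:${name}"; done
    # umask 077 so the private key is created readable by the owner only
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "${dir}/privkey.pem" 2>/dev/null ) || return 1
    openssl req -new -key "${dir}/privkey.pem" -subj "/CN=${cn}" \
        -addext "subjectAltName=${san}" -out "${dir}/request.csr"
}

csr_names() {
    # DNS names the CA will be asked to certify, one per line, sorted
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://' | sort
}

csr_selfsig_ok() {
    # The CSR is signed with the private key (proof of possession).
    # Match on the message: the exit status is not reliable across versions.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_matches_key() {
    # $1 = CSR, $2 = private key: the public keys must be identical
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage (placeholders): ./csr.sh demo /etc/ssl/example
if [ "${1:-}" = "demo" ]; then
    dir=${2:?output directory}
    make_csr "$dir" example.com www.example.com || exit 1
    csr_names "$dir/request.csr"
    csr_selfsig_ok "$dir/request.csr" && csr_matches_key "$dir/request.csr" "$dir/privkey.pem" \
        || { echo "CSR does not match key" >&2; exit 1; }
    # dehydrated writes the signed certificate to stdout. The HTTP-01 challenge
    # files must be reachable from its configured WELLKNOWN directory.
    dehydrated -s "$dir/request.csr" > "$dir/cert.pem"
fi
```
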

  • Ympker Member
    edited May 2018

    I've been using this sometimes :)
    Very easy and not much setup to do on the vps:
    https://www.sslforfree.com

    It issues LE certs and you can verify the domain through FTP login, File upload or DNS :P

  • willie Member

    Also Porkbun has automatic letsencrypt certs. I think it is done by a MITM method since I don't see any other way. But it could be better than nothing depending on what you're doing.

    #lexit spread the word.

  • @emptyPD said: You can use Vestacp (http://vestacp.com/)

    So it's safe to use VestaCP now?

    "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

  • teamacc Member

    @willie said:
    Also Porkbun has automatic letsencrypt certs. I think it is done by a MITM method since I don't see any other way. But it could be better than nothing depending on what you're doing.

    Could be non-MITM cause letsencrypt supports DNS-based authorization iirc.

    I like my uptime down low and my servers all hacked. Can see me droppin' twenty-fours with a router in the rack.
    Ya like ya Switch-Ports hot and ya servers all hacked. If ya pings real high and ya networks pitch black.

  • willie Member
    edited May 2018

    teamacc said: Could be non-MITM cause letsencrypt supports DNS-based authorization iirc.

    Doesn't there still have to be a CSR, generated by something in possession of the private key? All I meant by MITM is that they do that for you. I don't mean they intercept your web server traffic like Cloudflare.

    #lexit spread the word.

  • emptyPD Member

    @angstrom said:

    @emptyPD said: You can use Vestacp (http://vestacp.com/)

    So it's safe to use VestaCP now?

    Yes, it's safe. I use it on a lot of servers; in the last "exploit" I only got one server hacked and it was a fresh installation. The others didn't have any problems; that's why I say to harden your installation.

    Regards!

    Thanked by 1angstrom
  • sureiam Member

    I hate to be that guy you probably shouldn't run your own server if you can't even do the most basic googling..

    Literally typing in centos (version) and let's encrypt will result in tons of full tutorials on the topic.

    I'm normally all for helping out new guys but you gotta try at least a little before asking for help..

  • sureiam said: I hate to be that guy you probably shouldn't run your own server if you can't even do the most basic googling..

    +1 for this.

    Google search
