FREE SSL CERTIFICATES
Secure your Web server with free Let's Encrypt Certificates
Guide to fully automating the process of creating and renewing certificates without the need to install extra software.
Script-based copy & paste solution for Linux, FreeBSD and Plesk.
Introduction SSL Certificates
In the past, services offered on the Internet were mostly unencrypted, and traffic was sent in clear text between server and user.
Times have changed: spying on traffic and hacking are all around. It takes less than a few minutes for the first bots to try all of their exploit scripts against your IP address. Never think you are not important enough for hackers, because in the first step bots operate on IP addresses without knowing who is behind them. Things will be exploited pretty fast.
Traffic sniffing exposes usernames, passwords and sensitive data, making follow-up attacks very easy and successful.
Traffic encryption with SSL certificates, combined with other prevention methods and modern, state-of-the-art server technologies, is a must for all servers providing services like web access.
So that they can be validated, certificates are signed by a Certificate Authority. Browsers such as Firefox include the certificates of commercial authorities so that they can check the validity of a certificate. Without these certificates, browsers would warn that they cannot identify the certificate of your server. This happens with so-called self-signed certificates too.
A warning like this is unacceptable for people visiting a website or any other service.
To operate publicly available services, you need certificates signed by a known authority. You can buy them from different companies. Only those will let the browser show your URL in green without importing any additional CA root certificate.
For web servers accessible from the Internet, the “Let's Encrypt” authority offers free certificates that are fully automated if installed as intended. These certificates are valid for 3 months. Receiving and renewing them can be script-based and fully automated.
Free, no paperwork and fully automated if professionally installed.
A lot of Let's Encrypt client software is available, making the use of Let's Encrypt certificates very easy and straightforward.
Paranoid as I am, I don't want to install extra software on any server just for updating certificates. Every added software package can be a security risk on a publicly available server, especially if additional programming languages or interpreters are added.
After searching a long time for a great solution, I was able to handle everything by adding only a shell script solution, and finally wrote this e-book for you.
Table of Contents
Introduction
Table of Contents
Legal Notes
Introduction SSL Certificates
Firewall Setup (Optional)
Description of firewall ports
Setup of this guide – Our Goal
Network setup
Our final setup
Prepare your operating system
FreeBSD
Linux
Linux & FreeBSD
Building Run_Certs.sh
Run_Certs.sh in detail (copy & paste it)
Creating our config file
Creating our domains.txt file
Prepare the web server
Preparing Apache for Run_Certs.sh
Create .well-known in document root
Create hook.sh
hook.sh for FreeBSD or Linux
hook.sh for Plesk servers
Plesk automation explained:
Create the first certificate
Configure Apache to use certificates
Checking Plesk servers
Automate the process of renewing
More Features
About The Author
Other Books By (Author)
Link List for this e-book
Let's Encrypt - Project
Dehydrated Project
FreeBSD Project Page
Can I Ask A Favour?
Karl M. Joch is the founder of CTS GMBH, with more than 30 years of experience in national and international projects. He has worked in over 15 countries.