Let’s Encrypt!

So, if you noticed, both my website (a.k.a. my Online Resume) and my blog (well, this one to be precise) now have an SSL certificate installed (booo! everyone’s had that for ages, dude!)

There are a lot of free SSL certificate providers nowadays, such as CloudFlare, Comodo etc etc (you get the idea). Most of them come with the caveat of being valid for only 90 days (free stuff ain’t all glitters bruh). However, the one that I’m going to highlight in this post is Let’s Encrypt.

I stumbled upon this gem a while back, and only got the chance to actually apply it to my site today (yeah, I know. now shut it).

Installing it is rather easy if your hosting provider gives you shell access, or, if you’re too lazy to do it yourself, you can ask the support to install it for ye. But where’s the thrill in that, right? One must simply generate their own certificate, to fully support the D-I-Y spirit. heh.

Long story short, I got my shell access last year, but my hosting provider decided to disable it again because it was making their list of “inactive-shell-user” big. I’m too lazy to ask them to re-enable my access yet, and the second option, asking them to install the certificate for me, is out of the question because (1) I’m too lazy to open a new ticket with them, and (2) where’s the thrill in that, right? heh.

Enough rambling. So, I decided to install it manually, by generating it on my machine and copying the stuff over to my cPanel SSL Manager.

Before getting that shiny SSL certificate, you need certbot to help you generate the cert. Once you’re done installing it, just run a simple command (don’t worry, I’ll lay it out for you shortly) and boom, bob’s your uncle!

The steps?

Installing CertBot:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot

Now that you’ve installed the CertBot, time to start generating that Cert.

$ sudo certbot --manual certonly --preferred-challenges http

Now what does that command mean? Let’s break it down shall we?

sudo certbot

Certbot needs root access because it creates a directory in /etc/. Don’t really want to use sudo? Point --config-dir, --work-dir, and --logs-dir at writable paths.

--manual certonly

I think this is self-explanatory, no? But if you insist, --manual means that we’re obtaining/generating the certificate interactively, and certonly means that we’re not gonna install it yet. We just need the bot to generate the cert for us. That’s it.

--preferred-challenges http

This option sets the challenge the bot uses to authenticate our domain. I just use http because it seems easier for me, but there are 2 other options that you can choose from, which are dns and tls-sni. Wtf are those? Check their docs for details. Too lazy to explain everything to ye.

Anyway, once you hit that Enter button, it’s gonna spit out something like this, and you need to fill in the blanks where necessary.

$ sudo certbot --manual certonly --preferred-challenges http 
Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Plugins selected: Authenticator manual, Installer None 
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' 
to cancel): mohamadikhwan.com, www.mohamadikhwan.com, blog.mohamadikhwan.com
Obtaining a new certificate 
Performing the following challenges: 
http-01 challenge for mohamadikhwan.com 
http-01 challenge for www.mohamadikhwan.com
http-01 challenge for blog.mohamadikhwan.com 

------------------------------------------------------------------------------- 
NOTE: The IP of this machine will be publicly logged as having requested this 
certificate. If you're running certbot in manual mode on a machine that is not 
your server, please ensure you're okay with that. 

Are you OK with your IP being logged? 
------------------------------------------------------------------------------- 
(Y)es/(N)o: Y 

------------------------------------------------------------------------------- 
Create a file containing just this data: 

*REDACTED FOR REASONS* 

And make it available on your web server at this URL: 

http://mohamadikhwan.com/.well-known/acme-challenge/*REDACTED FOR REASONS* 

------------------------------------------------------------------------------- 
Press Enter to Continue 

------------------------------------------------------------------------------- 
Create a file containing just this data: 

*REDACTED FOR REASONS*

And make it available on your web server at this URL: 

http://www.mohamadikhwan.com/.well-known/acme-challenge/*REDACTED FOR REASONS*
 
------------------------------------------------------------------------------- 
Create a file containing just this data: 

*REDACTED FOR REASONS* 

And make it available on your web server at this URL: 

http://blog.mohamadikhwan.com/.well-known/acme-challenge/*REDACTED FOR REASONS* 

------------------------------------------------------------------------------- 
Press Enter to Continue
Waiting for verification... 
Cleaning up challenges 

IMPORTANT NOTES: 
- Congratulations! Your certificate and chain have been saved at: 
  /etc/letsencrypt/live/mohamadikhwan.com/fullchain.pem 
  Your key file has been saved at: 
  /etc/letsencrypt/live/mohamadikhwan.com/privkey.pem 
  Your cert will expire on 2018-09-24. To obtain a new or tweaked 
  version of this certificate in the future, simply run certbot 
  again. To non-interactively renew *all* of your certificates, run 
  "certbot renew" 
- If you like Certbot, please consider supporting our work by: 

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
  Donating to EFF:                    https://eff.org/donate-le

And that’s it! You’ve got your cert all done.

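Oh yeah. You still need to copy the fullchain.pem and privkey.pem contents into your cPanel SSL Manager. That’s what manual is about yo. Keep privkey.pem to yourself, it’s the private key. And since this was a manual run, you’ll have to repeat these steps before the cert expires (2018-09-24 in my case). Then you’re done.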
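A pre-flight check for the http-01 step above, as an added example (not part of the original post or of certbot): before pressing Enter at a "Press Enter to Continue" prompt, confirm that the challenge URL returns exactly the data certbot printed. The function names, the EXAMPLE_ values and the throwaway local server standing in for the real site are constructed for illustration.

```python
import functools
import tempfile
import threading
import urllib.request
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
# Connect directly, ignoring any proxy environment variables.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def place_challenge(webroot, token, data):
    """Write the challenge file under the web root, containing just the data."""
    if not token or "/" in token or token.startswith("."):
        raise ValueError("token must be a bare file name")
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)
    return target

def check_challenge(base_url, token, data, timeout=10):
    """Fetch the challenge URL over plain HTTP; return (ok, detail)."""
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except OSError as exc:  # covers HTTP errors (404, 403) and connection failures
        return False, f"{url}: {exc}"
    # Trailing whitespace is tolerated; an HTML error page or extra text is not.
    if body.rstrip() != data:
        return False, f"{url}: body is not the expected data"
    return True, url

def demo():
    """Constructed demo: a throwaway local server stands in for the real site."""
    token, data = "EXAMPLE_TOKEN", "EXAMPLE_TOKEN.EXAMPLE_DATA"  # constructed
    with tempfile.TemporaryDirectory() as webroot:
        handler = functools.partial(SimpleHTTPRequestHandler, directory=webroot)
        with ThreadingHTTPServer(("127.0.0.1", 0), handler) as server:
            threading.Thread(target=server.serve_forever, daemon=True).start()
            base = f"http://127.0.0.1:{server.server_address[1]}"
            before, _ = check_challenge(base, token, data)  # not uploaded yet
            place_challenge(webroot, token, data)
            after, _ = check_challenge(base, token, data)
            server.shutdown()
    return before, after

if __name__ == "__main__":
    print(demo())
```

Against the real site you would call check_challenge("http://mohamadikhwan.com", token, data) with the token and data taken from certbot's output, once per domain.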

Good luck!