Few folks told me that while they try to access my website vinaybabu.in they get nasty message from browsers that its unsafe to browse through my website. That’s because I was using self-signed certificate to encrypt the internet traffic. I didn’t want to go with CA vendors who charge more than the cost of my #raspberrypi.
After googling got to know about letsencrypt which provides free trusted SSL certificates. I would like to thank below tech blog / link from techmint for installing letsencrypt on my pi. Only catch is that we need to renew certificate within 90 days.
http://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/
To automate renewal of letencrypt (certbot) certificate we can use below script taken from the link https://www.upcloud.com/support/install-lets-encrypt-apache/
#!/bin/sh if ! /usr/local/letsencrypt/letsencrypt-auto certonly -tvv --keep --webroot -w <web root folder> -d vinaybabu.in > /var/log/letsencrypt/renew.log 2>&1 ; then echo Automated renewal failed: cat /var/log/letsencrypt/renew.log exit 1 fi apachectl graceful
Note: Do change the <web root folder> with actual path
Save the above script in /root folder. I’ve saved this script as auto_renew.sh
Finally, create a new crontab entry as under to run the script every 80 days. Threshold to renew Letsencrypt (certbot) certificate is 30 days.
#crontab -e <run as root>
0 0 */80 * * /root/auto_renew.sh
To check crontab entries use below command
#crontab -l <run as root>
That’s it! folks can access my website from any type of device or browser without any issues. I’ve got free trusted certificate and enabled secure and encrypted traffic while accessing my website.
Thanks much @letsencrypt and @tecmint.
Disclaimers:
Image’s courtesy: letsencrypt.org
Vinay's IT Press 