This might be of interest if you are using selfsigned certificates
on a public server. From tomorrow on(2015-11-16),
https://letsencrypt.org/ claims
to give everyone who wants an official ssl-certificate for free, valid for 90 days, renewal is also free. To get an certifiacte, the tool
https://github.com/letsencrypt is needed, which, for my taste, is to intrusive
for a producive Server. So, here is a(quick and dirty) way to get a
certificate on a private machine, to put it by hand on the Server.
You will also need to put some hash-string on your Server to be validated,
while the certificate is created, the tool will spit out the instruction.
Get following packages from slackbuilds.org:
virtualenv
augeas
# As "root":
mkdir -p /etc/letsencrypt/{accounts,renewal,keys,archive,live,csr}
mkdir -p /var/lib/letsencrypt/backups
mkdir -p /var/log/letsencrypt
touch /etc/letsencrypt/cli.ini
touch /var/log/letsencrypt/letsencrypt.log
# As "root", make directories writeable by the Systemuser of your choice:
chown -R USER /etc/letsencrypt/ /var/lib/letsencrypt/ /var/log/letsencrypt/
# As "USER", get letsencrypt&dependencies
git clone
https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./bootstrap/dev/venv.sh
source venv/bin/activate
# finally, as "USER", get your certificate :-)
letsencrypt certonly -a manual -d domain.tld