LinuxQuestions.org
Old 11-15-2015, 04:23 AM   #1
franzen
Member
 
Registered: Nov 2012
Distribution: slackware
Posts: 379

Let's Encrypt


This might be of interest if you are using self-signed certificates
on a public server. From tomorrow on (2015-11-16), https://letsencrypt.org/ claims
to give everyone who wants an official SSL certificate for free, valid for 90 days; renewal is also free. To get a certificate, the tool
https://github.com/letsencrypt is needed, which, for my taste, is too intrusive
for a productive server. So, here is a (quick and dirty) way to get a
certificate on a private machine, to put it by hand on the server.
You will also need to put some hash string on your server to be validated
while the certificate is created; the tool will spit out the instructions.

Get the following packages from slackbuilds.org:
virtualenv
augeas

# As "root":
mkdir -p /etc/letsencrypt/{accounts,renewal,keys,archive,live,csr}
mkdir -p /var/lib/letsencrypt/backups
mkdir -p /var/log/letsencrypt
touch /etc/letsencrypt/cli.ini
touch /var/log/letsencrypt/letsencrypt.log

# As "root", make the directories writable by the system user of your choice:
chown -R USER /etc/letsencrypt/ /var/lib/letsencrypt/ /var/log/letsencrypt/

# As "USER", get letsencrypt and its dependencies
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./bootstrap/dev/venv.sh
source venv/bin/activate

# finally, as "USER", get your certificate :-)
letsencrypt certonly -a manual -d domain.tld

Last edited by franzen; 11-15-2015 at 11:26 PM. Reason: 2. typo lob -> log
 
Old 11-15-2015, 07:04 AM   #2
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,276

Thanks for the tips, but wondering what you mean by "intrusive"?
 
Old 11-15-2015, 07:42 AM   #3
slalik
Member
 
Registered: Nov 2014
Location: Moscow
Distribution: Slackware
Posts: 200

Quote:
Originally Posted by franzen View Post
This might be of interest if you are using self-signed certificates
on a public server. From tomorrow on (2015-11-16), https://letsencrypt.org/ claims
to give everyone who wants an official SSL certificate for free, valid for 90 days; renewal is also free.
Where is the announcement about 2015-11-16? I see only the December 3 announcement.
 
Old 11-15-2015, 09:47 AM   #4
franzen
Member
 
Registered: Nov 2012
Distribution: slackware
Posts: 379

Original Poster
Quote:
Originally Posted by slalik View Post
Where is the announcement about 2015-11-16? I see only the December 3 announcement.
The latest change to the launch schedule is this
I hope the December 3 is related to the client-software only.
 
Old 11-15-2015, 09:58 AM   #5
franzen
Member
 
Registered: Nov 2012
Distribution: slackware
Posts: 379

Original Poster
Quote:
Originally Posted by willysr View Post
Thanks for the tips, but wondering what you mean by "intrusive"?
Maybe it's not too bad. Things in the FAQ like "The Let's Encrypt client is essentially an operating system component" make me wonder, as I just want to obtain certificates, and no automatic configuration tool on my server. The idea of letsencrypt seems to be to spread certificates widely to all kinds of admins, who maybe won't update their certificate if it doesn't happen automatically.
 
Old 11-15-2015, 04:43 PM   #6
Hangaber
Member
 
Registered: Sep 2004
Location: USA
Distribution: Slackware
Posts: 158

Nice - I've been following the letsencrypt blog page for a little while now.

Using the steps from post #1, plus a few other tweaks - it worked! Granted, the certs aren't issued by a recognized CA yet ("happy hacker fake CA"? Heh) but this is promising.
As the docs say - not ready for production servers yet.

I used my own CSR, although like the docs say, I had to include a SAN (subjectAltName) and convert it from PEM to DER (openssl req -in myfile.csr.pem -out myfile.csr.der -outform der). The errors that you get if you don't do either step are rather vague.

You also have to let the server connect back to you (on port 80 by default) to verify that you're the CN/SAN : DNS specified in the cert. I haven't tested with the Apache plugin for this part yet though but the standalone works.

(To OP, change /var/lob to /var/log in your steps.)

Thanks for posting about this! It has made my Sunday a much happier one.

Last edited by Hangaber; 11-15-2015 at 04:47 PM. Reason: Changed 'steps below' to 'steps from post #1'
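
The CSR preparation described in post #6 (a subjectAltName plus the PEM-to-DER conversion), with a pre-flight check that names which of the two is missing. This is an added example, not part of any post in this thread; `domain.tld` is the placeholder from post #1, and the file names and the functions `make_csr` and `check_csr` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). domain.tld, the file names and the
# function names make_csr/check_csr are placeholders chosen for illustration.

# make_csr DOMAIN OUTDIR: new key, CSR with a subjectAltName, DER copy.
make_csr() {
    domain=$1; dir=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain
EOF
    # The private key never leaves this machine; create it unreadable to others.
    ( umask 077; openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null ) &&
    openssl req -new -key "$dir/privkey.pem" -config "$dir/req.cnf" \
        -out "$dir/csr.pem" &&
    # Conversion step quoted in post #6: PEM -> DER.
    openssl req -in "$dir/csr.pem" -out "$dir/csr.der" -outform der
}

# check_csr FILE DOMAIN: prints "ok", or a specific reason with a non-zero status.
check_csr() {
    file=$1; domain=$2
    if head -c 64 "$file" | grep -q -- '-----BEGIN'; then
        echo "PEM, not DER"; return 1
    fi
    text=$(openssl req -inform der -in "$file" -noout -text 2>/dev/null) || {
        echo "not a parseable DER CSR"; return 2
    }
    # The SAN values sit on the line after the extension name; match exactly.
    echo "$text" | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$domain" || {
        echo "no SAN entry DNS:$domain"; return 3
    }
    echo ok
}
```

Only `csr.der` needs to be handed to the client; `privkey.pem` stays on the private machine until it is copied by hand to the server together with the issued certificate.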
 
Old 11-15-2015, 06:12 PM   #7
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,276

I have SlackBuild scripts for letsencrypt which requires 4 additional python modules if you want to try: https://github.com/willysr/slackbuil...ts/letsencrypt
 
Old 11-16-2015, 01:09 AM   #8
franzen
Member
 
Registered: Nov 2012
Distribution: slackware
Posts: 379

Original Poster
Quote:
Originally Posted by Hangaber View Post
(To OP, change /var/lob to /var/log in your steps.)
Typo is fixed now.
@willysr: Thanks for the slackbuild :-)
 
  

