March 14, 2016
Let’s Encrypt is “a free, automated, and open certificate authority” from the ISRG (and now apparently the EFF) and a growing list of big names in technology. And in the sounds-too-good-to-be-true department, they offer not only free SSL certificates but also an easy-to-use client that configures your web server in just a few easy steps, built on ACME, the Automated Certificate Management Environment. Web traffic should be encrypted not only on sites running e-commerce or email, but wherever passwords are involved.
First step is to install the client via git:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Then run the config from the install directory:
cd /opt/letsencrypt
./letsencrypt-auto --apache -d yoursite.com
The client will ask a few questions about the certificate you want to install. Most importantly, remember that you probably need to apply it to your default-ssl.conf. To test your new certificate, use the SSL Labs website.
The tutorial below even shows you how to add renewal options to cron for set and forget ease. Remember to git pull and stash to keep everything up to date. And most of all, it’s a free service!
On the web:
Let’s Encrypt – Free SSL/TLS Certificates
How To Secure Apache with Let’s Encrypt on Ubuntu 14.04
May 16, 2014
When I first configured my cloud server, I was under the impression that I would just be trying it out, a test environment. It didn’t occur to me that I’d actually put it in production. Flippantly, I chose 12.10 instead of opting for 12.04 LTS, which is supported through May 2017. Well, 13.04 was already out of service by the time I got my notice that 12.10 was end-of-life, so the upgrade path was 12.10 -> 13.10 -> 14.04 LTS. Good news is that was easy enough to do. Bad news was 13.10 broke Apache’s Auth_MYSQL, which is used with AWSTATS in iRedMail.
Like a good itjerk, I didn’t panic, went straight from 13.10 to 14.04 LTS, and would worry about the mess from there. Ends up that Auth_MYSQL isn’t supported in Apache 2.4.x, which is what 14.04 LTS ships with. So I had to switch to Auth_DBD instead. Zhang at iRedMail was very helpful, and I got everything back up and working. BTW, Denyhosts is no longer supported in 14.04 LTS; that package had to be purged.
Apache2.conf needs this:
DBDParams "host=127.0.0.1 port=3306 dbname=mail user=mail pass=xxxx"
While awstats.conf needs:
AuthName "Authentication required"
AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE username=%s"
Then, do this:
apt-get install libaprutil1-dbd-mysql
service apache2 restart
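A fuller picture of the two fragments above, as an added example rather than the author's or iRedMail's own configuration: the directives Apache 2.4 needs for Basic authentication through mod_authn_dbd. The directory path, the pool sizes, the CHANGE_ME placeholder and the SSLRequireSSL line are assumptions, not taken from the post.

```apache
# Added example, not the original post's configuration.
# Enable the modules first: a2enmod dbd authn_dbd

# --- apache2.conf (server-wide): mod_dbd connection to MySQL ---
# The MySQL driver is provided by the libaprutil1-dbd-mysql package.
DBDriver mysql
# Placeholder password. This file holds it in clear text, so make sure
# the file is not world-readable.
DBDParams "host=127.0.0.1 port=3306 dbname=mail user=mail pass=CHANGE_ME"
# Assumed pool sizing; tune for the site.
DBDMin 1
DBDKeep 2
DBDMax 10
DBDExptime 300

# --- awstats.conf: protect the AWStats CGI directory ---
# Assumed path; use the directory your AWStats CGI lives in.
<Directory "/usr/lib/cgi-bin">
    # Basic auth sends the password base64-encoded, not encrypted,
    # so refuse plain HTTP (assumes mod_ssl is enabled).
    SSLRequireSSL

    AuthType Basic
    AuthName "Authentication required"
    # Replaces the Auth_MySQL directives that Apache 2.4 no longer supports.
    AuthBasicProvider dbd
    # %s is passed to the database as a prepared-statement parameter.
    # The column must hold a hash format Apache can verify
    # (for example crypt, apr1 MD5, {SHA} or bcrypt).
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE username=%s"

    Require valid-user
</Directory>
```

Run apache2ctl configtest before restarting so a typo in either file does not take the site down.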
Moral of the story: Use LTS. Always.