This little tutorial describes how to use Letsencrypt with Apache, Freeradius and Auto-Renewal of the Certificates.
#Install Letsencrypt
sudo apt-get update
sudo apt-get install git
cd /opt
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
#Become root
sudo su
#"Order" certificates (replace SERVERDOMAIN.COM with the DNS of your Server!)
./letsencrypt-auto --apache -d SERVERDOMAIN.COM --rsa-key-size 4096
Enter Contact Mail: mail@SERVERDOMAIN.COM
Configuration Type: Secure #(is best, as it redirects insecure http to https)
#Read PATH variable
echo $PATH
#Cronjob for certificate renewal
#Always replace the string following PATH= with your own PATH, as printed by the command above.
#Separate it with ; from the rest of the command, as shown in the example
crontab -e
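#letsencrypt
30 2 * * 1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games;/opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/freeradius restart
35 2 * * 1 /etc/init.d/apache2 restart
#Note: the two restarts run at 02:35 whether or not the renewal succeeded, and >> captures only stdout; append 2>&1 to the renew line if error output should also land in /var/log/le-renew.log, and check that log so an expiring certificate does not go unnoticed.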
#Configure Freeradius
cp -r /etc/freeradius/certs/ /etc/freeradius/certs_bkp
rm /etc/freeradius/certs/*.pem
cp /etc/freeradius/eap.conf /etc/freeradius/eap.conf_bkp
vi /etc/freeradius/eap.conf
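#certdir = ${confdir}/certs
#cadir = ${confdir}/certs
certdir = /etc/letsencrypt/live/SERVERDOMAIN.COM
cadir = /etc/letsencrypt/live/SERVERDOMAIN.COM
#dh_file = ${certdir}/dh
dh_file = ${confdir}/certs/dh
#private_key_password = whatever
private_key_file = ${certdir}/privkey.pem
certificate_file = ${certdir}/cert.pem
CA_file = ${cadir}/fullchain.pem
#Note: CA_file is also the trust list FreeRADIUS uses to verify client certificates for EAP-TLS. With a public CA chain here, any certificate issued by that CA would chain to a trusted root, so if EAP-TLS client-certificate authentication is enabled, restrict which client certificates are accepted or keep a private CA for that purpose (confirm against your EAP configuration).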
#Configure access rights on /etc/letsencrypt
cd /etc/letsencrypt/
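#Note: together these commands make the private keys under archive/, keys/ and live/ readable by every member of group ssl-cert, so keep that group limited to the service accounts that need the keys (presumably the user FreeRADIUS runs as has to be a member; verify on your system).
chgrp -R ssl-cert archive csr keys live options-ssl-apache.conf renewal # set group of cert/key dirs to ssl-cert
find . -type d -exec chmod g+xs {} \; # directories executable and setgid (new files/dirs inherit group ssl-cert)
find . -type f -exec chmod g+r {} \; # files readable by the group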
#Restart Freeradius
service freeradius stop
service freeradius start
Additional information: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04