Let's encrypt support

Hello friends!

Today I read a report on Let’s Encrypt, and wonder if that can also be implemented in Nethserver, or whether there is even interest in it.

In principle, it should not be so complicated; the Python script exists, after all - it may have to be adjusted safely.

greetings

Gerald

Hi Gerald,

Of course, there is interest to implement in NS!
Please read here: http://dev.nethserver.org/issues/3355

Kind regards,
Gabriel

Oh, so I was too slow.
But good that others find the same ideas good :slight_smile:

I would be glad if that should work.

Kind regards,
Gerald

There is a new package with letsencrypt.sh in the Testing repo

Is letsencrypt also available in the NS 7.x repo?

take a look yourself -> http://nethserver.de-labrusse.fr/

No, it’s not, since we want to integrate it inside the web interface.
We were thinking of a “Certificate page” where the user can create an LE certificate or a self-signed certificate, and upload their own certificate.

Fantastic!

I want to give some short feedback about Let’s encrypt integration in Nethserver 6.7 using this guide: http://wiki.nethserver.org/doku.php?id=developer:letsencrypt
So far it works fine for the Nethserver Server Manager.
One thing I would change in the guide: put the “Options” in front of the “Test certificate creation” part. Otherwise almost everybody will recognize the options after the certificate is created (like me).

And one other thing:
How about using Let’s Encrypt for other websites without using one certificate for all? I.e. I don’t want to mix up my certificates with the certificates of my customers.

I agree, you can edit the document by yourself. Right @giacomo?

Right

That’s true, since I have my account :wink:
I’ll edit the part.

What is the current status of the let’s encrypt project? I would like to use it on NS 7.4. Does the server FQDN have to be the private one or can I use my public domain pointed to server IP?

there is no problem at all with using the public domain…!!

It’s fully supported but having a public FQDN is still mandatory

Just to make sure I understand. It is OK to have a private FQDN as server name as long as you have a registered domain with A record pointing to server IP?
Where do I find instructions?

  1. Set public DNS record for your servername.domain.com to your public IP with an A record … or a cname referencing an a.

  2. Set port forwarding on your firewall/router to go from your public IP to your server IP for the needed ports, let’s encrypt uses 443 iirc. It uses the requested names to check if it can find the server like that and performs a handshake with itself.

  3. Optional: disable the port forward. RE-enable at renewal.

  4. Profit.

Let’s Encrypt uses port 80.
Do not disable port forward, it’s needed every 60 days and you’ll probably forget to re-enable it when needed.

I do not want all my servers exposed on port 80 or any other non-internet service, so there is a procedure in place to check certs and act accordingly :wink: but yeah, it was forgotten several times before :wink:
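
As an added example (not part of any post in this thread, and not NethServer code): a sketch of the kind of check discussed in the last posts, deciding from a certificate's validity dates when the port 80 forward has to be open for renewal. The function names, the 3-day lead time and the sample dates are assumptions; the 60-day cadence is the figure quoted above.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_EVERY = timedelta(days=60)  # renewal cadence quoted in the thread
OPEN_AHEAD = timedelta(days=3)    # assumption: open the forward a few days early

# Constructed sample of what `openssl x509 -noout -dates -in cert.pem` prints.
SAMPLE_DATES = """\
notBefore=Jan  1 00:00:00 2018 GMT
notAfter=Apr  1 00:00:00 2018 GMT
"""


def parse_openssl_dates(text):
    """Return (not_before, not_after) as UTC datetimes from openssl -dates output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("notBefore", "notAfter"):
            # cert_time_to_seconds parses the certificate date format
            # independently of the system locale.
            secs = ssl.cert_time_to_seconds(value.strip())
            fields[key.strip()] = datetime.fromtimestamp(secs, timezone.utc)
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]


def port80_action(dates_text, now):
    """Decide what to do with the port 80 forward at time `now` (UTC)."""
    not_before, not_after = parse_openssl_dates(dates_text)
    if now >= not_after:
        return "expired"        # renewal was missed; the forward is needed now
    renew_due = not_before + RENEW_EVERY
    if now >= renew_due - OPEN_AHEAD:
        return "open-port-80"   # renewal window reached; HTTP validation must get in
    return "keep-closed"        # no renewal pending; the forward can stay off


if __name__ == "__main__":
    print(port80_action(SAMPLE_DATES, datetime.now(timezone.utc)))
```

Run from cron, the returned state can drive an alert or a firewall change, so the forward is not forgotten at renewal time.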