Let's encrypt support

gerald_FS · February 21, 2016, 7:47pm

Hello friends!

today I read a report on Let’s Encrypt, and wonder if that also in Nethserver can be implemented or even interest there.

In principle, it should not be so complicated, the Python script exisitert yes - may have to be adjusted safely.

greetings

Gerald

GG_jr · February 21, 2016, 7:55pm

Hi Gerald,

Of course, there is interest to implement in NS!
Please read here: Feature #3355: Let's Encrypt (partial) support - NethServer 6 - NethServer.org

Kind regards,
Gabriel

gerald_FS · February 21, 2016, 8:08pm

oh, because I was too slow.
But good that other - same ideas find good

Rejoice m I have it, if that should work.

Kind regards,
Gerald

Nas · February 21, 2016, 8:50pm

There is new package with letsencrypt.sh in Testing repo

jackyes · February 27, 2016, 10:13am

is letsencrypt avaible also on NS 7.x repo?

stephdl · February 27, 2016, 10:59am

take a look yourself -> http://nethserver.de-labrusse.fr/

giacomo · February 27, 2016, 6:40pm

No it’s not, since we want to integrate it inside the web interface.
We were thinking a “Certificate page” where the user can create LE certificate, self-signed certificate and upload its own certificate.

jackyes · February 27, 2016, 7:05pm

Fantastic!

Hunv · April 1, 2016, 7:13am

I want to give some short feedback about Let’s encrypt integration in Nethserver 6.7 using this guide: http://wiki.nethserver.org/doku.php?id=developer:letsencrypt
So far it works fine for the Nethserver Server Manager.
One thing I would change in the guide: put the “Options” in front of the “Test certificate creation” part. Otherwise almost everybody will recognize the options after the certificate is created (like me).

And one other thing:
How about using Let’s Encrypt for other websites without using one certificate for all? i.e. don’t want to mix up my certificates with the certificates of my customers.

alefattorini · April 1, 2016, 9:18am

I agree, you can edit the document by yourself. Right @giacomo?

giacomo · April 1, 2016, 9:23am

Right

Hunv · April 1, 2016, 9:32am

Thats true, since I have my account
I edit the part.

vbn · November 17, 2017, 11:26pm

What is the current status of the let’s encrypt project? I would like to use it on NS 7.4. Does the server FQDN have to be the private one or can I use my public domain pointed to server IP?

phonon112358 · November 17, 2017, 11:43pm

there is no problem at all with using the public domain…!!

alefattorini · November 20, 2017, 11:17am

It’s fully supported but having a public FQDN is still mandatory

vbn · November 21, 2017, 5:45pm

Just to make sure I understand. It is OK to have a private FQDN as server name as long as you have a registered domain with A record pointing to server IP?
Where do I find instructions?

planet_jeroen · November 21, 2017, 6:19pm

Set public DNS record for your servername.domain.com to your public IP with an A record … or a cname referencing an a.
Set port forwarding on your firewall/router to go from your public IP to your server IP for the needed ports, let’s encrypt uses 443 iirc. It uses the requested names to check if it can find the server like that and performs a handshake with itself.
Optional: disable the port forward. RE-enable at renewal.
Profit.

filippo_carletti · November 21, 2017, 6:21pm

Let’s Encrypt uses port 80.
Do not disable port forward, it’s needed every 60 days and you’ll probably forget to re-enable it when needed.

planet_jeroen · November 21, 2017, 6:33pm

I do not want all my servers exposed on port 80 or any other non-internet service, so there is a procedure in place to check certs and act accordingly but yeah, it was forgotten several times before