Monthly Archives: July 2016

How to Setup Let’s Encrypt on Apache2 and Ubuntu 14.04 LTS

After years of having to manually renew certificates (I’ve used StartSSL in the past), Let’s Encrypt is finally live and will allow you to automate this process by installing an agent and a cron job.

Here I’m trying to install certificates on multiple blogs on the same server.

Sites. secure all congrats

auto-create-keys

It’s stupidly easy to do:

  1. Go here: https://certbot.eff.org/
  2. Follow the on-screen instructions
  3. THAT’S IT!

Amazing right? Well I did run into a few errors but they were easily solved:

  • No valid IP addresses found for [website]
    • Make sure your DNS A and CNAME records are correct with the correct IP
  • Incorrect validation certification for TLS-SNI-01 challenge
    • This I found was due to two issues I had:
      • I forgot the site was no longer hosted on my server so the DNS record was pointing to another host anyway
      • You need to have SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile values set in your Apache configuration. Even if it points to empty files, it’ll work. Of course this is probably because I had values there earlier. I haven’t tested this but if only “SSLEngine on” is set, it should still work.
        turn off ssl3
  • DNS problem: NXDOMAIN looking up A for [website]
    • Make sure you have a CNAME record for the subdomain (e.g., “www”)
  • Redirect HTTP traffic to HTTPS no longer works
    cert generator

    • All you have to do is adjust the 000-default configuration to the following:           redirect-http-to-https

Also be sure to protect your sites from POODLE.  Analyze your site here: https://www.ssllabs.com/ssltest/analyze.html

That’s all folks. If you have any issues please let me know in the comments.