Certbot on OpenSUSE LEAP15

Print
Details
Category: Datorer
Hits: 890

It's been a long time since the last time I set up a Linux-server with Apache. At the moment I have a lot of time to fool around with this kind of thing,,,again. The only difference this time is that the server is a VM running inside of windows 10(host). The VM software(and the host-machine hardware) is so good that I do not actually feel that there is anything different from running Linux on seperate (older model) hardware, than running it on one thread on my i7(with some precautionaries).

Last time I wrote anything about this was in 2016(see article ownClowd installasjon på OpenSuSE LEAP 42.2 m/Apache)[no], when I tested my SSL-connection/configuration on an Apache2-server also. Same server-name as now actually. At that time there was a site called  https://www.startssl.com, that gave you free cerficates as long as you could verify your e-mail or something like that. And at that point I wanted my web-site to be encrypted since I was logging in to my own site(owncloud). And as all people know, security is becoming more and more important in the "internet-world" since alot of personal information is available through the pc.

 

I tried to go to https://www.startssl.com to see if the service was still there/free. It wasn't as far as I could see. I did a quick search and found the following site: https://certbot.eff.org. They're actually providing a free cerficate for your safety on the net. They've made a python-script that does all the configuration for you if you want that. That's what I tested. I only tested on the top-level-domain and not on sub-domains. I will take a look at that later on.

I only had to install one "thing" when I tried to install/use the installation script, which was the "rewrite"-module for apache. The "rewrite" module takes all requests from port 80 to port 443(http to https), and it's actually not needed(I believe/think). 

If you visit the website of certbot(https://certbot.eff.org), you will get instrutions on how to install for a good variety of distributions. I just tried out for my top-domain-level and it worked flawless:

sudo certbot --apache

It means: Execute the script as a "super user" towards the apache - installation. THere were some questions about email and domain, and that's it. Worked like a charm.

You also have the opportunity to donate money to this fine piece of software/organization, that gives you a valid certificate (as far as I know) that all browsers recognize. 

When I look back at the startssl.com certificates, the problem at the end was a dispute between startssl and mozilla.... I think(???)..

I can most certainly say that it was nice to automate the process of installing a certificate. Very much! And after visiting Qualys SSL-Labs I could verify that the site is secure. The result: