I was sooo tired of Chrome telling me my self-signed server wasn’t protected and that someone wants to steal my data from me. Go away Chrome I know, I signed it, it’s all good now chill out. First world problems eh? I don’t want to click twice!! Anyways. I read about someone giving out free SSLs to the webs. Time to get mine while the gettin’s good! Straight for the deep-end, we can swim right?
So if you are here for ClearOS 7 then good, if not ClearOS then go somewhere else. There’s tons of guides for other systems, and if you don’t have ClearOS chances are there is an installer for you that works. We here at ClearOS however feel that nothing should work right out of the box, or if at all. That being said, I actually found this whole process to be “not that bad”.
Heres the setup:
ClearOS 7 and its loveliness
One or Multiple websites, its all the same
Lets Encrypt
|
1 2 3 4 5 6 |
$ git clone https://github.com/certbot/certbot $ cd certbot $ sudo ./letsencrypt-auto certonly --standalone --agree-tos --redirect --duplicate --text --email youemail@domain.com -d yourdomain.com -d www.yourdomain.com If you have subdomains just drop the last -d part so... $ sudo ./letsencrypt-auto certonly --standalone --agree-tos --redirect --duplicate --text --email youemail@domain.com -d yourdomain.com |
Run that for each domain and subdomain you want to add SSL to. Now hope on over and login to your ClearOS box via the web interface. Go to System >> Settings >> Certificate Manager. Scroll down to the middle of the page till you see External Certificates, hit the add button. You should see a box asking for a bunch of files. Perfect. Give it a name like YourDomain, “Certificate File” point this to fullchain.pem. Point “Key File” to privkey.pem, and “Intermediate File” to cert.pem. Hit the Add button again. After a second you should see the new certificate listed on the page. If not something went wrong. In my experience ClearOS would not let me add the certificate if there was an error, and it would complain.
Once you see your cert in the list head over to Server >> Web >> Web Server. Click on the website you want to add SSL to. Scroll down to SSL Certificate, click the scroll-down and you should see the certificate you added in the list. Don’t forget to save. You should now have SSL on your site. Now don’t forget it expires in 3 months. I’ll figure out how to renew then haha.
Now if you want to force SSL, the simplest way I have found so far is to use .htaccess. I though there was a drop-down option to force SSL but I didn’t see it. Open up your favorite editor and create or edit an .htaccess file.
|
1 2 3 4 5 6 |
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L] </IfModule> |
This should force any request over to HTTPS. I found this page helpful when I was doing my Googling:
https://sysops.forlaravel.com/letsencrypt
