Let’s Encrypt with DDNS on CentOS 7

My new A+ rating for my personal web server, with certificates from Let’s Encrypt!

A while back, I started using CentOS, with Apache, to host my own website. As I talked about here on this blog, the website is for my Piwigo server, which is a Google Photo’s alternative. My pictures from my phone are backed up to my home server automatically, and the Piwigo server acts as an interface where people with appropriate passwords can log in and see the photos. Typically, just me and my wife.

One problem that I had, however, was difficulty getting a certificate from a CA (Certificate Authority), and I had to use a self signed certificate. This worked great, to be honest, except that some browsers have a pesky “this is not secure” message that you had to accept alot. It got old if I was showing some one, either client or friend, the setup but had to acknowledge a big security warning.

So, I set out once again to try to get that fixed. I heard a lot of good things about Let’s Encrypt, the free, open source encryption method, and that they now support DDNS, so I thought I’d give it a try. So, logging into the terminal, I followed the instructions, and got this in the terminal:

[root@localhost alaskalinuxuser]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: alaskalinuxuser.ddns.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for alaskalinuxuser.ddns.net
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

This was a bit confusing to me, since I could browse to my own website on port 80. But, fortunately, I found the answer here: http://tomaskalabis.com/wordpress/letsencrypt-unable-to-find-a-virtual-host-listening-on-port-80/

So, I made a new file at /etc/httpd/conf.d/alaskalinuxuser.conf and filed it in with this:

<VirtualHost *:80>  
    ServerAdmin alaskalinuxuser@fastmail.com
    ServerName alaskalinuxuser.ddns.net
    ServerAlias alaskalinuxuser.ddns.net
    DocumentRoot /var/www/html 
</VirtualHost>

After that, I exited nano and restarted the httpd daemon, and was able to re-run certbot:

[root@localhost conf.d]# certbot --apache -d alaskalinuxuser.ddns.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for alaskalinuxuser.ddns.net
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
Redirecting vhost in /etc/httpd/conf.d/alaskalinuxuser.conf to ssl vhost in /etc/httpd/conf.d/ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://alaskalinuxuser.ddns.net

And now I have a CA vouching for my web server!

Linux – keep it simple.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s