[sdnog] Free SSL/TLS Certificates_Let's Encrypt

Nishal Goburdhan nishal at controlfreak.co.za
Thu May 5 10:24:16 SAST 2016 

On 29 Apr 2016, at 5:51, Sara Alamin wrote:

> Good Morning All,
> Jumaa' Mubaraka
>
> Yesterday the SdNOG website configured with SSL certificate using Free 
> SSL/TLS Certificate form an open source Authority called " Let's 
> Encrypt"
> Now you can access SdNOG website with https://www.sdnog.sd
>
> may some of you have faced troubles while setting up a secure website, 
> but with Let's Encrypt is was very easy :) , and you can use these 
> links to guide you
> https://letsencrypt.org/getting-started/
> or
> https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
> or
> https://www.youtube.com/watch?v=m9aa7xqX67c&list=WL
>
> After configuring the SSL certificate you can test it
> for example: 
> https://www.ssllabs.com/ssltest/analyze.html?d=sdnog.sd&latest
>
> Hope this is useful, as usual feel free to leave your comments :)

hi sara,

thanks for posting (and doing!) this;  as per philip’s response, 
there’s really no reason why everyone shouldn’t be using some type 
of certificate to enable HTTPS everywhere!

here’s a research suggestion to the dotSD team (or perhaps someone at 
university that’s bored and looking for some work) on list;  since you 
already know what domains are registered in SD (and your IDN), can you 
provide some statistics on what percentage of these have a wwww record, 
and what percentage of those are enabling https?  normally, this would 
be uninteresting, but right now, i imagine that because of the 
difficulty in getting traditional certificates in sudan, the number of 
https enabled sites, is very low.  so, it would certainly be interesting 
to see this grow over the years, as letsencrypt type services (ie. other 
free and accessible CAs) start to grow.

(yes, it’s a simplistic test, and not all domains have www entries, or 
need web servers, or run their websites on www, but it’s a starting 
point.  feel free to make it more inclusive, or ask me off list about 
other ideas i have)

here are three additional thoughts and references to consider:
* the letsencrypt client uses a lot of external dependencies;  there are 
other, more lightweight clients that you can consider too, eg: 
https://github.com/diafygi/acme-tiny/blob/master/README.md
* a good friend wrote up his experiences on using a lightweight client 
here:  https://wiki.rg.net/wiki/AcmeTinyUbuntu
* i’ve been playing a little with CaddyServer 
(https://caddyserver.com) which i think daniel posted about a while ago. 
  for someone like me, that doesn’t need all the bells and whistles 
that apache has, this has proven to be quite interesting;  and it comes 
with built-in https (via letsencrypt).  if you’re just interested in a 
quick+easy to run webserver, i recommend checking it out.

hth,
—n.

More information about the sdnog mailing list