[sdnog] Free SSL/TLS Certificates_Let's Encrypt
Nishal Goburdhan
nishal at controlfreak.co.za
Thu May 5 10:24:16 SAST 2016
On 29 Apr 2016, at 5:51, Sara Alamin wrote:
> Good Morning All,
> Jumaa' Mubaraka
>
> Yesterday the SdNOG website was configured with an SSL certificate using a
> free SSL/TLS certificate from an open source authority called "Let's
> Encrypt"
> Now you can access SdNOG website with https://www.sdnog.sd
>
> some of you may have faced trouble while setting up a secure website,
> but with Let's Encrypt it was very easy :), and you can use these
> links to guide you
> https://letsencrypt.org/getting-started/
> or
> https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
> or
> https://www.youtube.com/watch?v=m9aa7xqX67c&list=WL
>
> After configuring the SSL certificate you can test it
> for example:
> https://www.ssllabs.com/ssltest/analyze.html?d=sdnog.sd&latest
>
> Hope this is useful, as usual feel free to leave your comments :)

hi sara,

thanks for posting (and doing!) this; as per philip’s response,
there’s really no reason why everyone shouldn’t be using some type
of certificate to enable HTTPS everywhere!

here’s a research suggestion to the dotSD team (or perhaps someone at
university that’s bored and looking for some work) on list; since you
already know what domains are registered in SD (and your IDN), can you
provide some statistics on what percentage of these have a www record,
and what percentage of those are enabling https? normally, this would
be uninteresting, but right now, i imagine that because of the
difficulty in getting traditional certificates in sudan, the number of
https enabled sites, is very low. so, it would certainly be interesting
to see this grow over the years, as letsencrypt type services (ie. other
free and accessible CAs) start to grow.

(yes, it’s a simplistic test, and not all domains have www entries, or
need web servers, or run their websites on www, but it’s a starting
point. feel free to make it more inclusive, or ask me off list about
other ideas i have)

here are three additional thoughts and references to consider:

* the letsencrypt client uses a lot of external dependencies; there are
other, more lightweight clients that you can consider too, eg:
https://github.com/diafygi/acme-tiny/blob/master/README.md

* a good friend wrote up his experiences on using a lightweight client
here: https://wiki.rg.net/wiki/AcmeTinyUbuntu

* i’ve been playing a little with CaddyServer
(https://caddyserver.com) which i think daniel posted about a while ago.
for someone like me, that doesn’t need all the bells and whistles
that apache has, this has proven to be quite interesting; and it comes
with built-in https (via letsencrypt). if you’re just interested in a
quick+easy to run webserver, i recommend checking it out.

hth,
—n.
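
The survey suggested in the message above (share of registered domains with a www record, and share of those answering on HTTPS), as an added example that is not part of the original post. The function names, the status labels and the `.example` sample table are assumptions constructed for illustration; it also separates hosts whose certificate fails validation from hosts with no HTTPS at all, which goes one step beyond the test as described.

```python
import socket
import ssl
from collections import Counter

# Constructed sample results (not real measurements), keyed by domain.
SAMPLE = {"alpha.example": "https_valid", "bravo.example": "https_bad_cert",
          "charlie.example": "no_https", "delta.example": "no_https",
          "echo.example": "no_www"}

def has_www_record(domain):
    """True if www.<domain> resolves to at least one address."""
    try:
        socket.getaddrinfo(f"www.{domain}", 443, type=socket.SOCK_STREAM)
        return True
    except socket.gaierror:
        return False

def https_status(domain, timeout=5.0):
    """Classify www.<domain>:443 by attempting a verified TLS handshake."""
    host = f"www.{domain}"
    ctx = ssl.create_default_context()  # checks chain and hostname
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "https_valid"
    except ssl.SSLCertVerificationError:
        return "https_bad_cert"  # TLS is on, but the cert is not trusted
    except OSError:  # refused, timed out, or non-certificate TLS failure
        return "no_https"

def survey(domains, resolve=has_www_record, probe=https_status):
    """Return the percentages asked for; resolve/probe are injectable."""
    counts = Counter("no_www" if not resolve(d) else probe(d) for d in domains)
    total = len(domains)
    with_www = total - counts["no_www"]
    https = counts["https_valid"] + counts["https_bad_cert"]
    pct = lambda n, of: round(100.0 * n / of, 1) if of else 0.0
    return {"domains": total,
            "www_pct": pct(with_www, total),
            "https_pct_of_www": pct(https, with_www),
            "valid_cert_pct_of_www": pct(counts["https_valid"], with_www)}

if __name__ == "__main__":
    # Offline demo: replay the constructed table instead of touching the network.
    print(survey(list(SAMPLE), resolve=lambda d: SAMPLE[d] != "no_www",
                 probe=lambda d: SAMPLE[d]))
```

Calling `survey(domains)` with the defaults performs live DNS lookups and TLS handshakes; rerunning it periodically over the same domain list gives the growth trend the message asks about.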