let's encrypt

I never bought a commercial grade SSL certificate for my private website, but I used free ones before. Usually from startssl. While it worked, the process was cumbersome. And then when I wanted to renew, my browser showed a warning that their own certificate was out of order.

When the letsencrypt initiative (supported by mozilla and the electronic frontier foundation) announced it’s goal to make website encryption easier available we all cheered. Last week I finally received an eMail stating my domain was readily white-listed in the beta program. So I took some time and followed their process. It was not always self explanatory, but the ncurses program offered some help. Within a couple of minutes, I had a certificate ready to use. The only thing I did not like, was that if the process transmitted my private key to the server, there was no way of noticing other than actually read the code. I don’t think it did, but I prefer to be certain about these things.

To have my website protected, all I had to do was adding the file location that the utility program provided to the apache site configuration.

Now the bigger work was moving everything to my new server and adapt all the URL’s. Moving the blog was already more work than I expected. It was not a simple export and import. First I had to get the wordpress importer plugin working. The media files are not included in the exported file, and have to be moved manually. Some older blog posts still referenced the old gallery which I wanted to replace with piwigo for a while. So in addition to moving the piwigo gallery, I also had to move lots of photos from the old gallery, and adjust the references in the blog.

Some web apps are not moved yet and will follow. Finally I plan to redirect all http addresses to https.

On the nice side, I could use the new certificate to secure my new email server. I can’t remember when was the first time, but about once every two years I attempted to set up my own email server in the past. Setting up a web server is much simpler. But with the mail servers there was always some problem left that left me not confident enough to really use it. But this time I found a good tutorial that actually worked. It’s geard towards a raspberrypi running raspbian, but worked just fine on my nuc running ubuntu.

Leave a Reply

Your email address will not be published. Required fields are marked *