HTTPS on Nearly Free Speech Net with Let's Encrypt

Posted by Alan Barr on Wed 12 October 2016. Updated on Sat 21 January 2017.

Update

This process, including renewing the certificates, has now been simplified by a library that can be found here: nfsn lets encrypt

I let my certificates expire and was able to run the script very simply, and everything is now fixed without having to do any extra steps, yay!

I have enabled HTTPS for a couple of domains in the past and the experience has always been nerve-wracking. Any little change can seem to be a possibly major hurdle. System administration has never been my forte, but I do like aspects of it, except when it goes wrong, which it often does. Usually, if all the commands I copy and paste from online work, everything is groovy; otherwise PANIC!

Luckily this was less panic. I found this blog that made it really simple to set up. While I tried another GitHub repo that was geared toward NFSN setup, I ended up using the nosudo version and following the blog's instructions.

Git clone this repo https://github.com/diafygi/letsencrypt-nosudo to a directory and run the commands it lists in the README to generate the keys. Then, using Python 2.7 (Windows worked fine for me using ConEmu), run the command

python sign_csr.py --file-based --public-key user.pub domain.csr > signed.crt

Go through all the steps. You will need to update your website with a temporary webpage containing the content that the script requests. Remove it when done. Then, as the author of the blog says, grab the domain chain file

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

On NFSN, log in and run

mkdir -p /home/protected/ssl

Copy domain.key, signed.crt and domain.chn to /home/protected/ssl using SCP or another client.

Then run the command from /home/protected/ssl

cat domain.key signed.crt domain.chn | nfsn -i set-tls

You should get a response like so:

INFO: Enabling TLS for www.alanmbarr.com
INFO: Enabling TLS for www.alanmbarr.com
INFO: Enabling front-end HTTPS for www.alanmbarr.com
INFO: Flagging canonical name as HTTPS-enabled.
e4: OK (www.alanmbarr.com)
e3: OK (www.alanmbarr.com)
e6: OK (www.alanmbarr.com)
e5: OK (www.alanmbarr.com)
OK: Setup was fully confirmed.

For me the changes were pretty much instant and navigating to the website took me to the https version.
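
A structural check that can be run on the concatenated key, certificate and chain before piping them to nfsn -i set-tls. This is an added example in Python 3, not part of the original post or of the NFSN tooling; check_bundle and pem are hypothetical names, the sample blocks are constructed placeholders rather than real keys, and the rule "private key first, then at least two certificates" is an assumption taken from the file order used in the command above.

```python
import base64
import re
import sys

# One PEM block whose BEGIN and END lines each stand on their own line.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----[ \t]*$", re.S | re.M)

def check_bundle(text):
    """Return a list of problems in a key + certificate + chain PEM bundle."""
    problems = []
    # cat joins files byte for byte: no trailing newline fuses END with BEGIN.
    if re.search(r"-----END [A-Z0-9 ]+-{6,}BEGIN ", text):
        problems.append("fused END/BEGIN lines: an input file lacks a trailing newline")
    blocks = PEM_BLOCK.findall(text)
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("malformed or unterminated PEM block")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(label + ": body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # keys and certificates are DER SEQUENCEs
            problems.append(label + ": decoded body is not a DER SEQUENCE")
    labels = [label for label, _ in blocks]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    certs = labels.count("CERTIFICATE")
    if len(keys) != 1:
        problems.append("expected exactly 1 private key, found %d" % len(keys))
    elif labels[0] != keys[0]:
        problems.append("private key is not the first block")
    if certs < 2:
        problems.append("expected certificate plus chain, found %d certificate(s)" % certs)
    return problems

def pem(label, payload):
    """Build a PEM block around constructed bytes (not real key material)."""
    body = base64.encodebytes(payload).decode().strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed sample blocks: placeholder DER-like bytes, not real keys or certs.
KEY = pem("RSA PRIVATE KEY", b"\x30\x82" + bytes(range(90)))
CERT = pem("CERTIFICATE", b"\x30\x82" + bytes(range(100)))
CHAIN = pem("CERTIFICATE", b"\x30\x82" + bytes(range(110)))

if __name__ == "__main__":  # usage: cat key cert chain | python3 this_file.py
    sys.exit("\n".join(check_bundle(sys.stdin.read())) or 0)
```

The check only inspects block labels and encoding, so it never prints key material; it does not prove that the key matches the certificate.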

Here's to a more secure web!

tags: security