###Update### This process has now been simplified even renewing the certificates with a library that can be found here nfsn lets encrypt

I let my certificates expire and was able to run the script very simply and everything is now fixed without having to do any extra steps yay!

I have enabled https for a couple domains in the past and the experience has always been nerve wracking. Any little change can seem to be a possibly major hurdle. System Administration has never been my forte but I do like aspects of it. Except when it goes wrong which it often does. Usually unless all the commands I copy and paste online work everything is groovy otherwise PANIC!

Luckily this was less panic. I found this blog that made it really simple to setup. While I tried another github repo that was geared toward nsfn setup I ended up using the nosudo version and following the blogs instructions.

Git clone this repo https://github.com/diafygi/letsencrypt-nosudo to a directory and run the commands it lists in the readme to generate the keys then using python 2.7 (Windows worked fine for me using ConEMU) run the command python sign_csr.py –file-based –public-key user.pub domain.csr > signed.crt

Go through all the steps and you will need to update your website with a temporary webpage with the content that it requests. Remove it when done. Then as the author from the blog says grab the domain chain file

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

On nsfn login and

mkdir -p /home/protected/ssl

Copy / SCP / Use a client to copy the domain.key, signed.crt, domain.chn to /home/protected/ssl

Then run the command

cat privkey.pem cert.pem chain.pem | nfsn -i set-tls

You should get a response like so

INFO: Enabling TLS for www.alanmbarr.com
INFO: Enabling TLS for www.alanmbarr.com
INFO: Enabling front-end HTTPS for www.alanmbarr.com
INFO: Flagging canonical name as HTTPS-enabled.
e4: OK (www.alanmbarr.com)
e3: OK (www.alanmbarr.com)
e6: OK (www.alanmbarr.com)
e5: OK (www.alanmbarr.com)
OK: Setup was fully confirmed.

For me the changes were pretty much instant and navigating to the website took me to the https version.

Here’s to a more secure web!

Contact me

Let’s Start a Project