Let's Encrypt

Discussion in 'Feedback and Suggestions' started by coolv1994, Jan 31, 2016.

  1. coolv1994

    coolv1994 Member

    Hello,
    I was wondering if it would be possible to add support for Let's Encrypt?
    Let's Encrypt offers free SSL certificates by simply running a program on your server.
    https://letsencrypt.org/

    Encryption is very important these days, especially with e-commerce, social media, and such, and being able to securely encrypt data over the internet for free would just simply be ideal.

    Many hosts and other big companies have already started using Let's Encrypt; I think it would be a good addition to x10Hosting/x10Premium.

    Please note, I am a premium customer and am primarily talking about adding it to the premium services, not to say it would not benefit the free services.
     
  2. essellar

    essellar Community Advocate Community Support

    It's still in beta (complete with great big "use at your own risk" warnings on the site), and there is already a production-ready SSL/TLS on Premium. There'd be nothing keeping you from installing it on a VPS, but there are SLAs preventing x10Premium from foisting a beta infrastructure on paying customers.
     
  3. coolv1994

    coolv1994 Member

    I see what you are saying, I had not taken SLAs into account when posting.
    Please keep in mind though, I am not saying to replace the existing SSL system, or to incorporate it at this time; but to possibly in the future add a button in cPanel or something with the option to enable Let's Encrypt services.
     
  4. Sharky

    Sharky Community Paragon Community Support

    Please understand that until it's been running for a while, it's a risk to install this on any production server. In the future, sure, but I'd be surprised if it's used in the next 12-24 months. I'm happy to be proved wrong.
     
  5. wwinter

    wwinter Member

    Technology moves very fast in the digital world. New concepts and architectures leapfrog each other all the time. When something becomes stable, it is already overtaken and obsoleted by newer versions.
     
  6. essellar

    essellar Community Advocate Community Support

    ...and you're absolutely free to run anything you want on your own server (dedicated, colo or VPS) and take the risks. Nobody offering a service should be taking risks on their customers' backs.
     
  7. Skizzerz

    Skizzerz Contributors Staff Member Contributors

    Disclaimer: I don't deal with the premium side of things, so this may not be fully accurate. I don't know exactly what features are present on the x10Premium cPanel or if the version installed supports SNI (which is required for Let's Encrypt unless you happen to also have a dedicated IP address). I have not tested or vetted these steps, and there may be some "important" details missing that require one to connect-the-dots. Follow these instructions at your own risk, caveat emptor, etc. etc.

    You should be able to install a Let's Encrypt certificate yourself manually, although renewing it would also be manual and something you would need to do quite often.
    1. Ensure you are able to connect to SSH. In the past, you needed to open a support ticket in the client portal before SSH access was turned on for your account. If this is still the case, ensure you go do that. You can verify by going to the SSH/Shell Access icon in your cPanel and seeing if you are able to connect with the provided details. An SSH client is required (such as PuTTY for Windows); an SSH client is already bundled into OS X and Linux.
    2. The official letsencrypt client requires root access to the server, which you will not have. Instead, download letsencrypt-nosudo by executing the following command in SSH: git clone https://github.com/diafygi/letsencrypt-nosudo
    3. In cPanel, click SSL/TLS Manager. You will first need to generate two private keys (I recommend 2048 bit RSA), and then a Certificate Signing Request (CSR). The first private key is for your Let's Encrypt account, the second is for the domain -- name them appropriately. When generating the CSR, ensure you select the domain key. You will need to save the account public key and the CSR to files (include the begin/end lines) and upload them to the server in the letsencrypt-nosudo directory. I'm calling these files account.pem and domain.csr, respectively.
    4. In SSH, cd letsencrypt-nosudo then python sign_csr.py -p account.pem domain.csr > domain.crt
    5. In SSH, cat domain.crt and copy all of the text it spits out, including the begin/end lines.
    6. In cPanel SSL/TLS Manager, click certificates and paste the contents that you copied in step 5 into the certificate box then hit save.
    7. It should appear in the list; click on "Install" for its heading to activate it for your website.

    To renew, you will need to generate a new CSR in cPanel, then follow steps 4-7 again with the new CSR and your original account.pem.

    Not pretty, but it should work. The parts requiring SSH commands do not have to be executed on the server, if you would rather execute them on your own local PC instead (provided your local PC is some *nix variant, such as Linux or OS X).
     
    • Informative x 1
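
Added example, not part of the post above and not code from letsencrypt-nosudo: local OpenSSL checks on the files the steps name, run before step 4 (account.pem holds no private key and the CSR does not reuse the account key) and before step 6 (the certificate carries the CSR's key and is not close to expiry). The function names are hypothetical, the `openssl` command-line tool is assumed to be installed, and the sample files are constructed, with a self-signed certificate standing in for the issued domain.crt.

```shell
# Added example: checks on account.pem (account PUBLIC key), domain.csr, domain.crt.

# Print the PEM public key carried by a file of the given kind.
pubkey_of() {  # pubkey_of pub|csr|crt FILE
    case "$1" in
        pub) openssl pkey -pubin -in "$2" -pubout ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# True only if both files parse and carry the same public key.
same_key() {  # same_key KIND1 FILE1 KIND2 FILE2
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Before step 4: account.pem holds only a public key, and the CSR was made
# with a different key (the domain key), not the account key.
check_request() {  # check_request ACCOUNT_PEM CSR
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    acct=$(pubkey_of pub "$1") && req=$(pubkey_of csr "$2") || return 1
    [ "$acct" != "$req" ]
}

# Before step 6: the certificate carries the CSR's key and stays valid for
# at least DAYS more days (an unreadable certificate also fails).
check_issued() {  # check_issued CSR CRT DAYS
    same_key csr "$1" crt "$2" || return 1
    openssl x509 -in "$2" -noout -checkend $(( $3 * 86400 )) >/dev/null 2>&1
}

# Constructed sample files: throwaway keys and a self-signed certificate
# standing in for the CA-issued domain.crt, valid for DAYS days.
make_sample() {  # make_sample DIR DAYS
    ( cd "$1" || exit 1
      for k in account domain; do openssl genrsa -out "$k.key" 2048; done
      openssl pkey -in account.key -pubout -out account.pem
      openssl req -new -key domain.key -subj "/CN=example.com" -out domain.csr
      openssl x509 -req -in domain.csr -signkey domain.key -days "$2" -out domain.crt
    ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d" 90 &&
    check_request "$d/account.pem" "$d/domain.csr" &&
    check_issued "$d/domain.csr" "$d/domain.crt" 30 && echo "checks passed"
rm -rf "$d"
```

Calling check_issued on the installed certificate from a scheduled job gives a reminder for the manual renewal the post describes.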
  8. Sharky

    Sharky Community Paragon Community Support

    Sed qui custodiet ipsos custodes, Skizzerz?? QUI CUSTODIET??
     
  9. ajstetson17

    ajstetson17 Member

    Just thought I'd add here that another way to get Let's Encrypt is to use this website: https://gethttpsforfree.com
    (GitHub Link)

    It is a similar implementation (and uses similar steps) to what @Skizzerz said above but instead of installing letsencrypt-nosudo, you would just use the website. I've used it to generate a few certificates for my VPS websites (mainly because I don't want to install any extra packages on it) and it works great.
     
  10. wwinter

    wwinter Member

    noted with thanks.
     
