Certificate Generation using Let’s Encrypt

This article covers Let’s Encrypt and Certbot: what they are, how to install Certbot, and why you should use it. From there, you can dig into the advanced features.

Please make a note that I’ll be using LE instead of Let’s Encrypt in a few places throughout the article.

What Is Let’s Encrypt?
Let’s Encrypt is a Certificate Authority that issues certificates to enable HTTPS on your websites. To generate a certificate, you must be able to prove that you own the domain. That proof is carried out through the ACME protocol.

Certbot is one of the ACME clients that serves this purpose. LE recommends this client on their website, but it’s up to you whether to use it.
For more details on the ACME protocol, see https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html

Installation –
What can be better than using ansible to install this?
Let’s do it with a playbook.

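First, add the certbot repo –
# Adds the Certbot PPA as an apt source
- apt_repository:
    repo: 'ppa:certbot/certbot'

Next, update and install Certbot –
# Refreshes the package cache, then installs each listed package
- apt:
    name: "{{ item }}"
    update_cache: yes
  with_items:
    - certbot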

That’s it!! Yes, that’s it. Sounds simple, right? Certbot uses its own internal web server to generate the certificates. Now you have your own server that is capable of generating certificates for your websites.

Command to generate the certificate
certbot certonly --manual -d <your_domain> --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --agree-tos

Command explanation
The --manual flag indicates that you are going to generate a certificate manually using certbot.
https://acme-v02.api.letsencrypt.org/directory is the certificate-generating endpoint. If you are just testing, don’t use this endpoint, because it has rate limits per domain. Use the staging URL instead – https://acme-staging-v02.api.letsencrypt.org/directory.

Command execution
When you execute the above command, it generates a TXT record. Save that TXT record for the domain in Route53, then continue the command execution. Next, the authentication runs and the certificate is generated.
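
The Route53 step above can be scripted as a certbot --manual-auth-hook. This is an added example, not code from the original article; certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION for hook scripts, while HOSTED_ZONE_ID is an assumed variable you export yourself.

```shell
#!/bin/sh
# Added example (not from the article): certbot --manual-auth-hook for Route 53.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# HOSTED_ZONE_ID is an assumed variable that you export yourself.

# Name of the TXT record the CA looks up. A wildcard (*.example.com)
# is validated at the base domain, so the "*." prefix is dropped.
challenge_record_name() {
    printf '_acme-challenge.%s.' "${1#\*.}"
}

# Print the Route 53 change batch, or fail if either input contains
# characters that could break out of the JSON string.
build_change_batch() {
    domain=$1
    token=$2
    case "$domain" in ''|*[!A-Za-z0-9.*-]*) return 1 ;; esac
    case "$token" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    name=$(challenge_record_name "$domain")
    cat <<EOF
{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"$name","Type":"TXT","TTL":60,"ResourceRecords":[{"Value":"\"$token\""}]}}]}
EOF
}

# Runs only when certbot invokes the script as a hook.
if [ -n "${CERTBOT_VALIDATION:-}" ] && [ -n "${HOSTED_ZONE_ID:-}" ]; then
    batch=$(build_change_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    change_id=$(aws route53 change-resource-record-sets \
        --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$batch" \
        --query ChangeInfo.Id --output text) || exit 1
    # Block until Route 53 reports the change as INSYNC.
    aws route53 wait resource-record-sets-changed --id "$change_id"
fi
```

UPSERT replaces the whole record set, so a certificate that lists both a domain and its wildcard needs both validation values in the same TXT record set.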

Why letsencrypt / certbot?
– It’s open source. What’s more important than this? Haha !!
– It’s secure.
– Easy to use.
– Automation Friendly.
– Generates certificates for wildcard entries as well.

The whole certificate generation and renewal process can be automated. When I write my next article on certbot I’ll talk about this.

Published by Ritesh Kumar Reddy

I (Ritesh) work as a Sr. Cloud Engineer for a living. Learning new technologies has always been my hobby. Why not share it? Here is the brainchild – blogging to share the knowledge. This blog is for those who wish to start or are already in the Cloud field. Each article briefly talks about a tool/technology that is used in the Cloud model. Once you read the article, I hope you get a kick start regarding the specific tool/technology.
