Let's Encrypt
by Alpha01
I’ve been using Let’s Encrypt for years, and it came to me that I’ve hardly ever really mentioned this awesome service at all! Let’s Encrypt is awesome, plain and simple. I use it throughout my homelab to set up and configure secure access.
Using this awesome service is really straightforward. I use the acme.sh script for all ssh requests. The acme.sh script is simple and works beautifully.
Setup
I use the git repository setup method.
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m [email protected]
The setup process will create a ~/.acme.sh configuration environment that the script will use to save your Let’s Encrypt issued certificates in.
I use the Automatic DNS API integration approach to verify and issue certificates. For this to work with Cloudflare, I simply just needed to create an API key and export the following two variables.
export CF_Key="EXAMPLEKEY"
export CF_Email="[email protected]"
Afterwards, it’s just a matter of using the acme.sh script.
For example:
./acme.sh --issue --dns dns_cf -d rubyninja.org -d '*.antoniobaltazar.com' -d '*.rubyninja.org' -d '*.k8s.rubyninja.org' -d '*.rubysecurity.org'
The really cool thing is that the script is smart enough to save the environment variables under ~/.acme.sh/account.conf for future use (certs are valid for 90 days). In addition, it supports wildcard certificates and is cron friendly!
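Because the exported Cloudflare credentials end up in ~/.acme.sh/account.conf, that file is worth auditing. The following is an added example, not part of the original post or of acme.sh: it lists which saved variables the file holds and flags the file when it is accessible beyond its owner. The SAVED_ line format, the function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not acme.sh code): audit account.conf for saved DNS API
# credentials and for permissions that expose them to other local users.

# Print the names, never the values, of variables acme.sh has persisted.
# Assumption: saved variables are stored one per line as SAVED_<NAME>='value'.
acme_saved_names() {
    sed -n 's/^\(SAVED_[A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# Succeed only when group and other have no permission bits on the file.
acme_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 = nothing exposed, 1 = credentials readable beyond owner, 2 = no file.
acme_audit() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }
    names=$(acme_saved_names "$conf" | tr '\n' ' ')
    [ -n "$names" ] || { echo "ok: no saved credentials"; return 0; }
    # CF_Key is the account-wide Global API Key; a scoped token limits a leak.
    case " $names" in
        *" SAVED_CF_Key "*) echo "note: Global API Key stored; consider a zone-scoped API token" ;;
    esac
    if acme_owner_only "$conf"; then
        echo "ok: owner-only file holds: $names"
        return 0
    fi
    echo "WARN: $conf is accessible beyond its owner and holds: $names"
    return 1
}

# Constructed sample file for trying the audit without touching a real setup.
acme_sample_conf() {
    printf "%s\n" "ACCOUNT_EMAIL='admin@example.test'" \
        "SAVED_CF_Key='CONSTRUCTED-NOT-A-REAL-KEY'" \
        "SAVED_CF_Email='admin@example.test'" > "$1"
    chmod 644 "$1"
}

# Usage: sh audit.sh ~/.acme.sh/account.conf
if [ "$#" -gt 0 ]; then acme_audit "$1"; fi
```

If the audit warns, `chmod 600 ~/.acme.sh/account.conf` restricts the file to its owner.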
Resources
- https://github.com/acmesh-official/acme.sh
- https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
- https://developers.cloudflare.com/fundamentals/api/get-started/create-token/