box install letsencrypt
Using Let’s Encrypt for SSL on your seedbox is a great way to have a valid certificate and avoid all the nag screens and exceptions that you have to jump through when dealing with self-signed certificates. Let’s Encrypt provides an easy way to obtain and install trusted certificates for absolutely no cost, other a couple of minutes of time.
Before we start, it is required that you have a valid domain name. Purchase one anywhere you like… they are not too expensive. You will then need to setup an A Record for the domain to point the IP of your seedbox towards. I would recommend CloudFlare… there are several reasons why CloudFlare is a good choice, but the biggest is that once again, it’s free.
In the near future, QuickBox will provide an option to donate to the Project any amount you like and we’ll hook you up on a subdomain, ie. myserver.quickbox.io. Obviously, there would be limitations to this method as someone could already have a subdomain, so we’ll sort those details as it plays out… for now, domains are relatively cheap.
You can now purchase QuickBox DNS services!
Setup and install Let’s Encrypt
Option 1: Sever has its own Domain
apt-get -y install git git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt cd /opt/letsencrypt ./letsencrypt-auto --apache -d your_domain.com -d sub.your_domain.com
Replace your_domain.com and sub.your_domain.com with that of your actual domain. Subdomains are only needed if you are attaching your seedbox to another domain, ie; mybox.domain.com use Option 2.
Option 2: Server is on a Subdomain
apt-get -y install git git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt cd /opt/letsencrypt ./letsencrypt-auto --apache -d sub.your_domain.com
Then setup auto-renewal of the ca-certificate
Now add a crontab
sudo crontab -e
Enter the following:
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
Save and exit.
This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am. The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.
Next, you will also need to change your DocumentRoot after you install let’sencrypt … The good news is you can do it with one string :
sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/000-default-le-ssl.conf && service apache2 restart