Installing Let's Encrypt for FSMK main web-site


#1

This is an attempt to make future changes(maintenance) to the server easier, to debate and implement the best practice on the server and obviously to learn!

OBJECTIVE : Install SSl certificate for https access

CHOICE : Let’s Encrypt Certificate Authority

Roadblocks

  1. OS is debian wheezy which does not have updated packages

  2. OS is running apache 2.2 which is the latest packaged version for debian7

  3. Certbot and LE does not have proper automaion (obtaining + installing) tools for apache 2.2

  4. drupal has some kind of conflict with lets encrypt that should be fixed with future drupal patches… but as of now installing new certs on drupal is not streamlined (but then again installing is a one-time only job) (haven’t checked renewal of certs yet)

workaround through issue 4

Renewing the cert (fsmk.org) is going to be tough as this would mean that the server would go down for some time (since disabling the .htaccess file for some time resulted in the site breaking down) [some work-around still needs to be thought-of]


Thanks to @shijil @sarath_ms @kishangupta for all the help…(especially sarath… i pegged his brain to much!! :innocent: )


#2

Consider using an LE client that supports DNS verification. That should fix any conflicts with the web server or any web applications.

letsencrypt.sh is one that I’ve used - DNS verification docs.