Free SSL Certificates

  • @'tinh_x7: Could you say a little more about how you did the installation? Did you use the nginx auto install feature of the letsencrypt client? To what extent does the clinet handle auto update of the certificate?


    Overall lets encrypt seems to be a great idea for a OMV plugin, the whole point of letsencrypt is to have short life time certificates (90 days) that are then automatically renewed using their client (see https://letsencrypt.org/2015/11/09/why-90-days.html). Ideally an OMV plugin would handle regular running of the client and possibly add the certificate to sickbeard, couchpotato and even ssh. Could it be added to the plugin wish list?

  • Edit: Public Beta is open on 12/03/15.
    One thing I don't like is that you need manually update the certs or write a script to update before it expires.



    Regarding installation, I'm install directly on OMV.
    The installation is not that bad if you know what you're doing.
    If you using a docker, then it's a different approach.


    Here's the basic guide:


    The first thing to do is register your domains via Let's Encrypt, sub-domains must be submitted individually.
    Then wait for them to send an email confirmation.


    Next.


    1.

    Code
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt


    2.

    Code
    # make sure to stop any server running on port 80
    ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
    # It will prompt you for domains to validate then proceed with ACME


    3. Follow the rest of the installation instructions.
    Once you successfully generated the certs, it'll shows you the expiration date & the location of the certs.
    i.e. /etc/letsencrypt/live/mydomain.com/


    4. If you're using Nginx like many of us, then use fullchain.pem & privkey.pem


    5. Restart your port 80 service.


    6. Copy & paste fullchain & privkey to your OMV SSL via web gui.


    7. Done.

  • @tinh_x7 Are the certs generated locally and lets encrypt just signs the signing request? Do they also offer certs on their page?


    If they would also offer signed certs that you get from them they'd become untrustworthy for many people.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Back then I was a beta tester, so I had to submit my domains to them first before generate the certs.
    But now it's open to public, you're no longer require to email them.
    It seems like you can generate them locally.


    My certs are generated locally, and they've been working great.


    https://letsencrypt.readthedocs.org/en/latest/using.html


    Quote

    https://letsencrypt.readthedocs.org/en/latest/using.html

    https://letsencrypt.readthedocs.org/en/latest/using.html

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • Thank you.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • I have finished the plugin for Let's Encrypt and it will be coming to OpenMediaVault very soon


    Sounds great! Looking forward installing it :)

    Hardware: MSI B150M ECO - Intel Pentium G4400 - 16GB Crucial CT2K8G4DFD8213 - Mushkin Chronos SSD 120 GB - 4x WD Red 4TB (RAID5)
    Software: OMV 4.1.x, Plex Media Server, Docker

  • It looks like WoSign no longer offers free SSL Certificates.

    I suspect that has something to do with the fact that they are being removed from trust stores.

    OMV 4.1.30-1 (Arrakis); Shuttle XPC SH67H3; Intel Core i5-2390T; 8 GB DDR3-1333 RAM; 128GB SanDisk Z400s SSD (OS); Samsung 860 EVO 1TB (primary storage).

  • Use the Let's Encrypt plugin.

    I am. It's a good thing Let's Encrypt exists, as they seem to be the only trusted source of free SSL Certificates anymore. StartSSL, which I used to use on all of my websites, is being removed from trust stores as well. Good riddance I say. They were always a pain to deal with and I ended up switching to Let's Encrypt as soon as it came into existence.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!