Diffstat (limited to 'content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.en.md')
-rw-r--r-- | content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.en.md | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.en.md b/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.en.md new file mode 100644 index 0000000..1784881 --- /dev/null +++ b/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.en.md 
@@ -0,0 +1,71 @@ ++++ +title = "Setting up Let's Encrypt with Ruby on Rails and FreeBSD" +lang = "en" + +[taxonomies] +tags = ["FreeBSD", "letsencrypt", "tips & tricks"] + +[extra] +author = "harald" ++++ + +{% figure(img="letsencrypt-logo-horizontal.svg") %} +Let's Encrypt logo. +{% end %} + +I've been following [Let's Encrypt] for a while, and the idea is as simple as +it's brilliant! Make it so easy to add a encryption to your webserver setup +that there's really no reson not to. Traditionally this has been both a +cumbersome and potentially expensive investment. At least for smaller stuff +like your average blog or community web site getting a certificate and setting +it all up has been a hassle. + +<!-- more --> + +So I really like the idea of Let's Encrypt, and since they've just launched +their [public beta program] in time for the renewal of one of my certificates +I decided to give it a spin. The process was surprisingly painless. + +The base Let's Encrypt program is already in the [FreeBSD ports collection], +so installing it was as simple as running: + + portmaster -P /usr/ports/security/py-letsencrypt + +There was quite a bit of dependencies to be installed, but the ports system +takes care of that, and portmaster helps make the process really smooth. A few +config options and 10 minutes later everything was built and installed. + +Next step was to generate the certificates. After a few misses I found the +right invocation: + + sudo letsencrypt certonly --webroot \ + -w /usr/local/www/my_rails_app_dir/current/public/ \ + -d mydomain.com -d www.mydomain.com + +Half a minute later I have my certificates in +`/usr/local/etc/letsencrypt/live/mydomain.com`. I just had to update the apache +config and everything worked right away. + +The Let's Encrypt website warns that you may have to shut down your webserver +while it does it's job. That was not neccesary in this case. It seems this is +only neccesary if you run with the `--standalone` option. 
The `--webroot` +and `-w` options on the other hand allows you to specify manually where +`letsencrypt` should put it's challenge files. + +The Let's Encrypt server then accesses these files using the regular webserver +you're already running. Since this particular domain runs a [Ruby on Rails] +app deployed using [Capistrano] I ended up with the path above. + +I had quite frankly expected that there should be more bumps. For one, this +*is* still a beta, and they do warn that there will be bugs on their website. +Further not all software developed for Linux runs equally smooth on FreeBSD, +but this time there was no need for worrying. + +The plugins for apache and nginx are not yet available in the ports tree +however, so I'm running things manually for now. + +[Let's Encrypt]: https://letsencrypt.org/ +[public beta program]: https://letsencrypt.org/2015/12/03/entering-public-beta.html +[FreeBSD ports collection]: https://www.freebsd.org/cgi/ports.cgi?query=letsencrypt&stype=all +[Ruby on Rails]: http://rubyonrails.org/ +[Capistrano]: http://capistranorb.com/ |
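Review bot: Several spelling and grammar slips in the added post should be fixed before it is published: in the opening paragraph "a encryption" and "reson", and in the paragraph about `--standalone` "it's job" and "it's challenge files" (both should be "its") plus "neccesary" twice. The same paragraph has "options on the other hand allows", which should be "allow". Separately, "I just had to update the apache config" skips the one step a reader following along cannot infer; consider showing which directives were pointed at the files under `/usr/local/etc/letsencrypt/live/mydomain.com`. The `[Ruby on Rails]` and `[Capistrano]` link references at the end use `http://`; in a post about enabling TLS, switch them to `https://` if those sites serve it.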