diff options
Diffstat (limited to 'content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.md')
| -rw-r--r-- | content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.md | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.md b/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.md deleted file mode 100644 index 1784881..0000000 --- a/content/blog/2015-12-21-setting-up-lets-encrypt-with-ruby-on-rails-and-freebsd/index.md +++ /dev/null @@ -1,71 +0,0 @@ -+++ -title = "Setting up Let's Encrypt with Ruby on Rails and FreeBSD" -lang = "en" - -[taxonomies] -tags = ["FreeBSD", "letsencrypt", "tips & tricks"] - -[extra] -author = "harald" -+++ - -{% figure(img="letsencrypt-logo-horizontal.svg") %} -Let's Encrypt logo. -{% end %} - -I've been following [Let's Encrypt] for a while, and the idea is as simple as -it's brilliant! Make it so easy to add a encryption to your webserver setup -that there's really no reson not to. Traditionally this has been both a -cumbersome and potentially expensive investment. At least for smaller stuff -like your average blog or community web site getting a certificate and setting -it all up has been a hassle. - -<!-- more --> - -So I really like the idea of Let's Encrypt, and since they've just launched -their [public beta program] in time for the renewal of one of my certificates -I decided to give it a spin. The process was surprisingly painless. - -The base Let's Encrypt program is already in the [FreeBSD ports collection], -so installing it was as simple as running: - - portmaster -P /usr/ports/security/py-letsencrypt - -There was quite a bit of dependencies to be installed, but the ports system -takes care of that, and portmaster helps make the process really smooth. A few -config options and 10 minutes later everything was built and installed. - -Next step was to generate the certificates. After a few misses I found the -right invocation: - - sudo letsencrypt certonly --webroot \ - -w /usr/local/www/my_rails_app_dir/current/public/ \ - -d mydomain.com -d www.mydomain.com - -Half a minute later I have my certificates in -`/usr/local/etc/letsencrypt/live/mydomain.com`. I just had to update the apache -config and everything worked right away. - -The Let's Encrypt website warns that you may have to shut down your webserver -while it does it's job. That was not neccesary in this case. It seems this is -only neccesary if you run with the `--standalone` option. The `--webroot` -and `-w` options on the other hand allows you to specify manually where -`letsencrypt` should put it's challenge files. - -The Let's Encrypt server then accesses these files using the regular webserver -you're already running. Since this particular domain runs a [Ruby on Rails] -app deployed using [Capistrano] I ended up with the path above. - -I had quite frankly expected that there should be more bumps. For one, this -*is* still a beta, and they do warn that there will be bugs on their website. -Further not all software developed for Linux runs equally smooth on FreeBSD, -but this time there was no need for worrying. - -The plugins for apache and nginx are not yet available in the ports tree -however, so I'm running things manually for now. - -[Let's Encrypt]: https://letsencrypt.org/ -[public beta program]: https://letsencrypt.org/2015/12/03/entering-public-beta.html -[FreeBSD ports collection]: https://www.freebsd.org/cgi/ports.cgi?query=letsencrypt&stype=all -[Ruby on Rails]: http://rubyonrails.org/ -[Capistrano]: http://capistranorb.com/ |