https://chengl.com/tags/lets-encrypt/Recent content in Let's Encrypt on Random MusingsHugoen-usCheng LongSun, 05 Jul 2020 05:49:02 +0000https://chengl.com/post/lets-encrypt-intranet/Sun, 03 Sep 2017 14:33:24 +0000https://chengl.com/post/lets-encrypt-intranet/<p><a href="https://letsencrypt.org/">Let&rsquo;s Encrypt</a> (LE) has been a popular choice to get certs for public websites. Because it&rsquo;s free and automated. But how to get certs for <strong>private</strong> websites, which are common in company&rsquo;s intranet?</p> <h2 id="problem">Problem</h2> <ul> <li>There&rsquo;s a web app in your company&rsquo;s intranet.</li> <li>The web app has a fully qualified domain name (FQDN), e.g. <strong>foo.example.com</strong>, not an internal one like <strong>foo.internal</strong>.</li> <li>It only resolves to a private IP behind VPN. Therefore, it&rsquo;s inaccessible without a valid VPN.</li> <li>You want to add an extra layer of security by enabling HTTPS.</li> </ul> <p>How to get a cert for it? And how to automate it and get it for free?</p>https://chengl.com/post/lets-encrypt-nginx/Sun, 31 Jan 2016 08:41:00 +0000https://chengl.com/post/lets-encrypt-nginx/<p><em>Update [2017 Aug 5]: Certbot has been developed by EFF and others as an easy-to-use automatic client that fetches and deploys SSL/TLS certificates. I would recommend using <a href="https://certbot.eff.org/">it</a>.</em></p> <h2 id="why">Why</h2> <p>Since you are here, you probably know what <a href="https://letsencrypt.org">Let&rsquo;s Encrypt</a> is and why it exists. If not, below is an executive summary (copied from <a href="https://letsencrypt.org/howitworks/">here</a>):</p> <blockquote> <p>Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands.</p>