
SSL Lets Encrypt

Matt Harley edited this page Dec 21, 2016 · 4 revisions

We are using Let's Encrypt for all of our free SSL needs.

Run certbot-auto

./certbot-auto certonly --manual -d www.pdpdmeetup.com

It will print something like the following. Don't press Enter yet!

Make sure your web server displays the following content at
http://www.pdpdmeetup.com/.well-known/acme-challenge/fWHI3SJWItBWKR9khrIM0ICS4ZzR0T6k-z0P84SksYM before continuing:

fWHI3SJWItBWKR9khrIM0ICS4ZzR0T6k-z0P84SksYM.k-xVmsE7cZ-Wwg6qxk25eUm0VvB44qhKruWYJOr_mjc

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" fWHI3SJWItBWKR9khrIM0ICS4ZzR0T6k-z0P84SksYM.k-xVmsE7cZ-Wwg6qxk25eUm0VvB44qhKruWYJOr_mjc > .well-known/acme-challenge/fWHI3SJWItBWKR9khrIM0ICS4ZzR0T6k-z0P84SksYM
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()" 
Press ENTER to continue

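Update pdpdmeetup/templates/ssl.html (in your editor or a new terminal window) so that it contains only the challenge content certbot printed. The token changes on every run, which is why the value below differs from the sample output above: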

qK36hUj09uX6GeARMsKWKxTbrzdPl8QBbDhPFTrV1WA.k-xVmsE7cZ-Wwg6qxk25eUm0VvB44qhKruWYJOr_mjc

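And update the challenge path in pdpdmeetup/urls.py to match the token from the same run:

from django.conf.urls import url
from django.views.generic import TemplateView

# ...
    # Serves templates/ssl.html at the ACME http-01 challenge path; the token
    # in the pattern must be the one certbot printed for this run.
    url(
        r'^\.well-known/acme-challenge/qK36hUj09uX6GeARMsKWKxTbrzdPl8QBbDhPFTrV1WA',
        TemplateView.as_view(template_name="ssl.html")
    )
# ...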

Commit your code and push to Heroku:

git push heroku master

Once the push has finished, press ENTER in the certbot-auto terminal to continue:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.pdpdmeetup.com/fullchain.pem. Your cert
   will expire on 2016-12-27. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
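
Validation only succeeds if the deployed app returns exactly the content certbot printed, so it is worth checking the live URL after the push and before pressing ENTER; a stale token in urls.py or extra markup in ssl.html shows up as a mismatch. The script below is an added example, not part of the original wiki page; its function names are made up here and it assumes curl is installed.

```sh
#!/bin/sh
# Added example, not part of the original wiki page. Function names are
# made up here; the only external tool used is curl.

# certbot prints a key authorization "<token>.<thumbprint>"; the token is
# also the last path segment of the challenge URL.
valid_keyauth() {
    case "$1" in
        *[!A-Za-z0-9_.-]*) return 1 ;;   # character outside base64url and '.'
        ''|.*|*.|*.*.*)    return 1 ;;   # need exactly two non-empty parts
        *.*)               return 0 ;;
        *)                 return 1 ;;
    esac
}

challenge_url() {   # args: domain key_authorization
    printf 'http://%s/.well-known/acme-challenge/%s' "$1" "${2%%.*}"
}

# Succeeds only when the served body equals the key authorization.
# Trailing whitespace (e.g. the newline an editor appends to ssl.html) is
# stripped first; RFC 8555 section 8.3 says the CA should ignore it too.
body_matches() {    # args: expected actual
    body=$2
    while :; do
        case "$body" in
            *[[:space:]]) body=${body%?} ;;
            *) break ;;
        esac
    done
    [ "$body" = "$1" ]
}

verify_challenge() {   # args: domain key_authorization
    valid_keyauth "$2" || { echo "malformed key authorization" >&2; return 2; }
    url=$(challenge_url "$1" "$2")
    # -f: an HTTP error (404 before the deploy finishes) counts as failure; -L: follow redirects.
    served=$(curl -fsSL --max-time 10 "$url") || { echo "fetch failed: $url" >&2; return 1; }
    if body_matches "$2" "$served"; then
        echo "OK: $url serves the expected content"
    else
        echo "MISMATCH at $url (stale token or extra markup in ssl.html?)" >&2
        return 1
    fi
}

# Run as: sh check_challenge.sh www.pdpdmeetup.com '<token>.<thumbprint>'
if [ "$#" -eq 2 ]; then verify_challenge "$1" "$2"; fi
```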

Update certs on Heroku (sudo is needed because the files under /etc/letsencrypt/live are readable only by root):

sudo heroku certs:update /etc/letsencrypt/live/www.pdpdmeetup.com/fullchain.pem /etc/letsencrypt/live/www.pdpdmeetup.com/privkey.pem

You'll get this message:

Resolving trust chain... done
 ▸    Potentially Destructive Action
 ▸    This command will change the certificate of endpoint compsognathus-49737
 ▸    (null) from ⬢ pdpdmeetup.
 ▸    To proceed, type pdpdmeetup or re-run this command with
 ▸    --confirm pdpdmeetup

> pdpdmeetup
Updating SSL certificate compsognathus-49737 for ⬢ pdpdmeetup... done
Updated certificate details:
Common Name(s): www.pdpdmeetup.com
Expires At:     2016-12-27 00:35 UTC
Issuer:         /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At:      2016-09-28 00:35 UTC
Subject:        /CN=www.pdpdmeetup.com
SSL certificate is verified by a root authority.