Monday, September 17, 2018

LetsEncrypt


This weekend, I decided to try the EFF’s LetsEncrypt certificates. It was easy for Apache, not as well worked out for Postfix/Dovecot.

My self-signed certificates on a couple of my Linux boxes have been torturing me when using Apple Mail. Apple is doing the right thing trying to warn you about self-signed certificates.

I tried to go straight to the EFF email solution STARTTLS. After fumbling around with that for many hours, I decided I would get Apache working and then tackle Postfix/Dovecot. I don’t really want Apache on these boxes nor do I want them exposed directly to the internet, but it seemed like a good way to start understanding LetsEncrypt.

I cleared out all the Apache stuff that I had played with previously on a Debian system, reinstalled Apache2, and used these instructions to get the LetsEncrypt certificate installed:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

I looked at a number of different pages about LetsEncrypt and this set of instructions seemed straightforward.

I poked a hole in my firewall for Apache, which was necessary for LetsEncrypt, and set up a public DNS entry for that Debian box.

The Apache certificates installed painlessly.

Next I tackled the Postfix/Dovecot certificates. I ended up using this set of instructions:

https://www.upcloud.com/support/secure-postfix-using-lets-encrypt/

This took more fumbling around but it works and now my Apple Mail is happy with reading mail from my main Debian box.

I decided to leave the Debian box with the default web page up overnight in case I discovered something that would require re-doing the certificates. Oh wow! The internet is a dangerous place. I thought nobody would notice my Debian box. The logs this morning were just full of random IP addresses trying all sorts of nonexistent URLs, most ending in “.php”. I was glad I had cleared out all my old experiments and reinstalled Apache. I had what I wanted, so I turned off all external access again.

For Apache, LetsEncrypt is easy. I am going to play more with STARTTLS and see if I can find a way to make it easy to do. Maybe I’m just misunderstanding something.

Monday, June 18, 2018

Plug for SportsTalkDM.com

This is a shameless plug for my cousin’s boy Daniel.

Daniel has been quoting sports scores to me since he was 6 or 7 years old. I think he got his iPod when he was about 8 and he would sit in his room with his little miniature NFL helmets in front of him and make videos of himself commenting on upcoming football matches. A few weeks back, the now 14-year-old Daniel asked me what I would use to make a website. Since then he has created a website, SportsTalkDM.com, Sports Talk with Daniel, and a Patreon page, Patreon.com/sportstalkdm, and posted a bunch of content. I think his NFL article is pretty good for a 14-year-old. Like most first-time web authors, he is watching for every page view. I haven’t helped him to this point, but I probably will this weekend, since adding the JavaScript for Google AdSense has got him stumped. I would appreciate it if anyone could click on his page. He doesn’t have feedback or any way to comment on his main site, but you can comment and like on his Patreon page. I think this is pretty good and I want to try to encourage him.