Author Topic: Let's Encrypt Certs  (Read 867 times)

0 Members and 1 Guest are viewing this topic.

Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 1308
  • BismarckWeather.net
    • BismarckWeather.net
Let's Encrypt Certs
« on: May 18, 2020, 05:21:02 PM »
I currently get my Let's Encrypt cert through SSLForFree.   Well I just got an email stating SSLForFree has "teamed" up with ZeroSSL.  Some other company I haven't heard of.  But because of this, I had to create a new login to SSLForFree.  After doing that, there is a whole new interface, I'm assuming because of ZeroSSL.

But here's the crappy part.  WildCard certs are no longer free.  They want $50 a MONTH to support it.  Unless I'm reading this wrong, SSLForFree just screwed everyone over.

The same old LE certs for 90 days are still there.  But wildcards are now a "Pro" feature requiring $$$.  But now that means I'll need to do 2 cert renews.  Not a horrible deal.  But still a crappy deal...
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

Offline ConligWX

  • Forecaster
  • *****
  • Posts: 836
  • #conligwx
    • conligwx.org
Re: Let's Encrypt Certs
« Reply #1 on: May 18, 2020, 05:57:09 PM »
What web hosting service do you use? you maybe able to automate it.

I use LEgo to automate my Cert for my weather site using LEgo and a bash script and cronjob.  another site I use cpanel to get the cert automatically created.

SSL4Free was good, I used it before automating the process. It is possible to automate your certs with LEgo or Cetbot scripts directly with Let's Encrypt.
Regards Simon
Davis Vantage Pro2 Plus (6162UK) • Daytime FARS • WeatherLink Live • AirLink • PurpleAir PA-II-SD • CumulusMX •


Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 1308
  • BismarckWeather.net
    • BismarckWeather.net
Re: Let's Encrypt Certs
« Reply #2 on: May 18, 2020, 06:03:18 PM »
Right now, GoDaddy.  So I'm screwed there.  They won't go LE...
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

Offline Maumelle Weather

  • Forecaster
  • *****
  • Posts: 1824
    • Maumelle Weather
Re: Let's Encrypt Certs
« Reply #3 on: May 19, 2020, 11:06:37 AM »
Check here. Have used them for the last 8 years and LE certs are free and fully automated.
GR2AE, GR3, Cumulus

Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 1308
  • BismarckWeather.net
    • BismarckWeather.net
Re: Let's Encrypt Certs
« Reply #4 on: May 19, 2020, 11:51:42 AM »
My plan is to switch to ICDSoft when my GoDaddy hosting expires.  But until then, I did figure out a plan.  I got my wildcard and it was free.

I was able to find a program for Windows called Certify the Web.  The cool part is it talks to GoDaddy directly.  For WildCard Certs, one of the somewhat easier way to get those is via DNS record changes.  This program is able to use the GoDaddy API to obtain them.  Once I setup the API, the CtW program did all the work.

The bad part is that CtW currently only gives you a PFX file.  GoDaddy uses cert.crt and private.key files.  So I had to figure out how to install and use the OpenSSL program on Windows.  I then run a couple of commands to get my files.  I was able to use those files on my NGINX proxy server I use for my NOAA broadcast.  I also uploaded them to GD.  So I do have a process figured out.  Overall about as much work as before.  Just different.

The one thing I wonder with ICDSoft is if I can download the CRT and KEY files after they update them.  I'd need those for my NGINX server at home.
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

Offline ConligWX

  • Forecaster
  • *****
  • Posts: 836
  • #conligwx
    • conligwx.org
Re: Let's Encrypt Certs
« Reply #5 on: May 19, 2020, 12:47:45 PM »
Are you able to install Lego on your GoDaddy account via terminal perhaps.

I googled "GoDaddy and Lego" together, and seen that there are some scripts on GitHub that could help you possibly.

Sent from my GM1913 using Tapatalk

Regards Simon
Davis Vantage Pro2 Plus (6162UK) • Daytime FARS • WeatherLink Live • AirLink • PurpleAir PA-II-SD • CumulusMX •


Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 1308
  • BismarckWeather.net
    • BismarckWeather.net
Re: Let's Encrypt Certs
« Reply #6 on: May 19, 2020, 01:15:36 PM »
From what I've researched, I don't believe so.  That's because I'm on the cheaper shared hosting.

I have about a year left.  Unless they offer me a hell of a deal, I'll be switching to ICD...
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

Offline Fox_Of_The_Wind

  • Forecaster
  • *****
  • Posts: 483
  • Hi there!
    • http://www.desotowiwx.com
Re: Let's Encrypt Certs
« Reply #7 on: May 19, 2020, 02:50:46 PM »
From what I've researched, I don't believe so.  That's because I'm on the cheaper shared hosting.

I have about a year left.  Unless they offer me a hell of a deal, I'll be switching to ICD...

If you can. keep this thread updated. or make a new one. I was the one that posted my thanks to your youtube video on how to get the lets encrypt to work with godaddy. now with what they did I may also move. I will not pay godaddy anymore money.

Is ICD ICDSoft?

Anthony

Offline 92merc

  • BismarckWeather.net
  • Forecaster
  • *****
  • Posts: 1308
  • BismarckWeather.net
    • BismarckWeather.net
Re: Let's Encrypt Certs
« Reply #8 on: May 19, 2020, 02:57:20 PM »
Yep, ICD Soft.  They've been good to many a forum member.

If you don't need more than one certificate, I'm sure SSLForFree will still work.  And I could have gone to my old way of 3 certs for my 3 sites.  I just liked having my wildcard cert method.
https://www.BismarckWeather.net
Davis VP2, Cumulus, WeatherDisplay, Blitzortung, Saratoga Scripts, NOAA Stream via PI

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Let's Encrypt Certs
« Reply #9 on: May 19, 2020, 02:59:03 PM »
Slightly off topic, but with my two separate VPS (1and1/ionos Virtual Cloud Hosting), the respective Plesk control panels have get/auto-renew Let's Encrypt certs (including wildcard).  All my sites (and WXforum.net) use Let's Encrypt with auto-renewal.

I too, had issues when I hosted the Southwestern network on GoDaddy.. I'd used SSLforfree instructions to manually do all that stuff.
Became a real pain, so I moved that network to my Ionos hosting, and just keep several domain names at GoDaddy, but no actual hosting.  Turned off auto-renew on the hosting contract.  You don't get a refund (AFAIK) for early cancellation.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline ConligWX

  • Forecaster
  • *****
  • Posts: 836
  • #conligwx
    • conligwx.org
Re: Let's Encrypt Certs
« Reply #10 on: May 19, 2020, 03:03:44 PM »
likewise ken I use ssl4free manually until I had a solution I could run myself in a cron job. it just works now.
Regards Simon
Davis Vantage Pro2 Plus (6162UK) • Daytime FARS • WeatherLink Live • AirLink • PurpleAir PA-II-SD • CumulusMX •


Offline Fox_Of_The_Wind

  • Forecaster
  • *****
  • Posts: 483
  • Hi there!
    • http://www.desotowiwx.com
Re: Let's Encrypt Certs
« Reply #11 on: May 19, 2020, 03:07:54 PM »
Yep, ICD Soft.  They've been good to many a forum member.

If you don't need more than one certificate, I'm sure SSLForFree will still work.  And I could have gone to my old way of 3 certs for my 3 sites.  I just liked having my wildcard cert method.

I have 4 domains so I will need more then one certificate.

Slightly off topic, but with my two separate VPS (1and1/ionos Virtual Cloud Hosting), the respective Plesk control panels have get/auto-renew Let's Encrypt certs (including wildcard).  All my sites (and WXforum.net) use Let's Encrypt with auto-renewal.

I too, had issues when I hosted the Southwestern network on GoDaddy.. I'd used SSLforfree instructions to manually do all that stuff.
Became a real pain, so I moved that network to my Ionos hosting, and just keep several domain names at GoDaddy, but no actual hosting.  Turned off auto-renew on the hosting contract.  You don't get a refund (AFAIK) for early cancellation.

I was looking at dreamhost a week or so ago. but I thought I had a good thing with godaddy. But it looks like I might have to change my ways.

How do you like 1and1/ionos? I know you use  Virtual Cloud Hosting (stuff that is over my head) But so far so good?

Anthony

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Let's Encrypt Certs
« Reply #12 on: May 19, 2020, 03:34:12 PM »
I'll admit that hosting a dedicated virtual server is a good deal more complex than just hosting a website on a shared webserver.

The VPS gets you a main control panel that sets up/controls the virtual hardware .. you can select which operating system to use and when you sign up, you select the number of virtual CPUs, memory and SSD space that's available.  The one for WXforum is a Virtual Server L (2 CPU, 2GB RAM, 80GB SSD) and my personal one is a XL (4 CPU, 8GB RAM, 160GB SSD), which is overkill but I've plenty of room to play with extra sites.  Neither server is 'stressed'.  Both are running CentOS7 OS, Apache, NGINX with configuration controlled by Plesk Obsidian 18.0.27 (a cPanel-like app) that allows configuration of all the websites.
One real advantage to having a VPS, is your tech support call is handled by a unix geek, not a first-call response center reading a script.  That, alone, was a major incentive for me to switch to the more complicated hosting.
Yes, you do need to be skilled in server admin tasks (I'd had that from work before retirement), so it's not for folks unwilling to study-up and become proficient in basic server operation (and security concerns).  Also, with the VPS, you get one IPV4 address (IPV6 not available), and pay extra $5/mo for Plesk control.  For the real unix geeks, you can omit Plesk and just ssh to the server and use the cli to install Ubuntu, CentOS, etc as you like .. the main control panel gives you root access to the virtual iron for pressing 'reboot'.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP