Create SSL Certificate for your site using Let’s Encrypt

Let’s Encrypt is operated by a non-profit called Internet Security Research Group (ISRG). ISRG’s mission is to reduce financial, technological, and educational barriers to secure communication over the Internet. It uses ACME to create a certificate for your environment that is trusted all over the globe.

In the previous blog post we learned how to create a server and get a website up and running, but creating a server and a website is not enough in the digital world. So, I have come up with a blog post about the security of the website.

Nowadays, Google also considers whether a site has SSL when ranking search results.

It’s time for encrypted communications to be the default on the Web and Let’s Encrypt is going to make it happen. You can read more about becoming a partner of Let’s Encrypt here.

I am assuming here that you have the latest server software installed in your environment. If you haven’t, you can install it using the following commands.

For Ubuntu/Debian

sudo apt update
sudo apt upgrade

For CentOS

sudo yum update
sudo yum upgrade

Download or clone the Let’s Encrypt repository. Here I am assuming that you have git installed.

sudo git clone /letsencrypt
cd /letsencrypt

If anything on your server is running on port 80, you need to stop that server software, i.e. stop apache2 or httpd. Otherwise, Let’s Encrypt will give you an error message or be unable to generate the certificate.
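A pre-flight check for the port 80 conflict described above, added here as an example and not part of the original post. The names port_in_use and preflight and the sample listener tables are constructed for illustration; on a live server the input would come from ss -ltn.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for port 80
# before running letsencrypt-auto with --standalone.

# port_in_use PORT
# Reads `ss -ltn` style output on stdin. Returns 0 when a LISTEN socket is
# bound to exactly PORT, 1 otherwise. Comparing the last ':'-separated field
# keeps 8080 from matching 80 and copes with IPv6 forms such as [::]:80.
port_in_use() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")   # column 4 is Local Address:Port
            if (parts[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output: a web server is listening on port 80.
SAMPLE_BUSY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    *:80               *:*
LISTEN 0      128    [::]:22            [::]:*'

# Constructed sample output: only SSH and an app on 8080 are listening.
SAMPLE_FREE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

# preflight TABLE: prints a verdict, returns non-zero when port 80 is taken.
preflight() {
    if printf '%s\n' "$1" | port_in_use 80; then
        echo "port 80 is busy: stop apache2/httpd before certonly --standalone"
        return 1
    fi
    echo "port 80 is free"
}

preflight "$SAMPLE_BUSY" || true
preflight "$SAMPLE_FREE"
# On a live server, feed it the real table: preflight "$(ss -ltn)"
```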

Create Certificate using letsencrypt command.

Let’s Encrypt automatically performs Domain Validation using a series of challenges. The CA uses challenges to verify the authenticity of your server’s domain.

Here is the syntax for the letsencrypt-auto command.

letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

You can also use multiple -d switches to specify multiple domains for which you want to generate the certificate. Here is the command to generate the certificate. This command will generate the certificate for 6 months.

sudo -H ./letsencrypt-auto certonly --standalone -d -d

When you run the command, it will ask you a series of questions, which include the administrative email address. The administrative email address is very important for any security notice or to regain the certificate.

If all goes well, the process creates a certificate for you.

Renew Certificate

You can renew the same certificate by adding the --renew-by-default switch to the command that creates the certificate. So, the command to renew the certificate is as follows.

sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d -d

You can also automate the certificate renewal using a cron job, but for that, you need to have more knowledge about crontab.

The following command renews the certificate non-interactively.

./letsencrypt-auto renew

Add the above command to the crontab file as follows.

0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
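The cron entry above runs unattended, so a failed renewal goes unnoticed until the certificate expires. The following check is an added example, not part of the original post or the Let’s Encrypt client: it uses openssl x509 -checkend to flag a certificate that is close to expiry. The function names, the 30-day threshold and the throwaway test certificates are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the cron renewal works
# by checking how long a certificate file remains valid.

# expires_within CERT DAYS
#   0 = CERT expires within DAYS days (or has expired): renewal is not working
#   1 = CERT stays valid for longer than DAYS days
#   2 = CERT is missing or is not a parseable X.509 certificate
expires_within() {
    [ -r "$1" ] || return 2
    # -checkend also exits non-zero on garbage input, so test parsing first.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
    then
        return 1
    fi
    return 0
}

# make_test_cert PATH DAYS: throwaway self-signed certificate, used only so
# the example runs offline (constructed input; the CN is a placeholder).
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=example.test" >/dev/null 2>&1
}

# report CERT DAYS: one status line per certificate, suitable for cron mail.
report() {
    rc=0
    expires_within "$1" "$2" || rc=$?
    case $rc in
        0) echo "WARN  $1 expires within $2 days" ;;
        1) echo "OK    $1 valid for more than $2 days" ;;
        *) echo "ERROR $1 unreadable or not a certificate" ;;
    esac
}

demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/stale.pem" 10    # stands in for a failed renewal
make_test_cert "$demo_dir/fresh.pem" 60    # stands in for a recent renewal
report "$demo_dir/stale.pem" 30            # 30-day threshold is an assumption
report "$demo_dir/fresh.pem" 30
report "$demo_dir/missing.pem" 30
rm -rf "$demo_dir"
```

Point report at the certificate file your client issued and schedule it after the renewal job.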

Here you can find the Integration guide for Let’s Encrypt that you need to consider. Let’s Encrypt has some rate limits. So, please read both of the documents before using it in production. Thank you.

Create Azure Linux Virtual Machine and make website running

While moving my blog to an Azure Virtual Machine, I found some complexity just because of the Linux virtual machine. As an ASP.NET geek, I am not that familiar with Linux and its management commands. So, I have decided to write a blog post on how to make my first Hello World website in an Azure Linux Virtual Machine. I am also planning to write a blog post on installing ASP.NET 5 on a Linux Virtual Machine.

Create Linux Virtual Machine into Azure Cloud

The first step in getting your website up and live is creating a Linux Virtual Machine in the Azure Cloud. Hence, I am logging in with my Azure account. There are two methods to create a Virtual Machine in Azure. The first one is creating a Virtual Machine using Quick Create. Quick Create is used when you are creating only one Azure machine. Another way to create a Virtual Machine is using From Gallery, which is used when you need to create multiple Azure Virtual Machines with some advanced settings.

Sign in to the Azure portal and click on New at the bottom left of the portal, then click on COMPUTE -> VIRTUAL MACHINE -> QUICK CREATE as shown in the image.

Create Azure Virtual Machine

After clicking on Quick Create, you will be prompted to enter some information about the Virtual Machine, like DNS name, image for the VM, size for the VM, username, password, and region. I am going to create a VM with webstackdemo as the DNS name, and I am selecting Ubuntu Server 15.10 as the image to create the Linux Virtual Machine. Just enter all the information and click on the CREATE A VIRTUAL MACHINE button. You have to wait for some time after clicking on CREATE A VIRTUAL MACHINE while the new server comes up. On successful creation, you will be prompted with a message like Successfully created virtual machine webstackdemo.

Login into Linux Cloud Virtual Machine
After successfully creating the virtual machine, you can look at the endpoints of the virtual machine in the Azure Portal. There will be a default endpoint named SSH with 22 as the private and public port. You can change the port at any time to secure your Virtual Machine. You can find the SSH details to connect or log in to your machine in the Dashboard tab. To log in from your Windows machine you need an SSH client for Windows, like PuTTY.

Now, open the PuTTY client, enter the hostname and port from the SSH details and click on Open.

PuTTY detail to login into Azure

Now, PuTTY will prompt for credentials. Log in with the credentials that you created while creating your Azure machine.

Installing Apache2, MySql, and PHP
To run a large data-driven application you need to have Apache2, MySql, and PHP installed on the virtual machine. So, you must have root access. Type the following command to switch to the root user.

sudo su

In order to install the latest version of the services, your package list from the repository should be updated. Ubuntu Server has the apt-get command to update the package list from the repository server. So, type the following command to update the package list.

sudo apt-get update

After updating the package list, type the following commands to install Apache2, MySql, and PHP.

sudo apt-get install apache2
sudo apt-get install mysql-server
sudo apt-get install php5
sudo apt-get install php5-mysql

While installing MySql you will be prompted to enter the password for MySql. After successfully installing all the above services, you can type the following command to check that the MySql service is properly installed.

mysql -u root -p

It will prompt you to enter the password to log in.

Setup Virtual Host for Apache2
Create the directory structure for your website and set up a virtual host in Apache2. Consider that you are going to setup into apache. In order to create the directory structure for type following command.

sudo mkdir -p /var/www/

Now, create a file in that html directory for your, you can use the touch command to create the file and nano to edit it. You can also upload it using FTP, but for now, I am not going to cover that. Type the following commands to create and edit the index file.

cd /var/www/
sudo touch index.html
nano index.html

Type some HTML into index.html and save the file. Apache2 should have proper permission on that newly created directory. You can use chmod to give 755 permission on the /var/www/ directory. Now, it’s time to create the virtual host file and configure Apache2 to point that directory for Apache has default virtual host file called 000-default.conf. Copy that file with the new name like Type the following command to copy the file under the new name.

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/

Open that file and edit it to add the configuration related to the domain. After editing, your host file should look like this.

<VirtualHost *:80>
    DocumentRoot /var/www/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

After creating the host file, you have to enable it in Apache2. You can use Apache2’s a2ensite command to enable it and then restart Apache2.

sudo a2ensite

The final step to get your site up and running is to add endpoints in the Azure Cloud portal. Go to your virtual machine and click on ENDPOINTS. Click the Add button at the bottom and add an HTTP endpoint with 80 as the public port and private port for your site. You can also configure the endpoint to use HTTPS with port 443.

Now you can run into your favorite browser to check that everything is working.