Some of the books I wrote for CTS GMBH (http://CTS.at) are published by them at DigitalBooks24. The full list of published books is available here.


Available at DigitalBooks24 here



Secure your Web server with free Let’s Encrypt Certificates

A guide to fully automating the creation and renewal of certificates without installing extra software.

A script-based copy & paste solution for Linux, FreeBSD and Plesk.

Introduction SSL Certificates

In the past, services offered on the Internet were mostly unencrypted, and traffic was sent in clear text between server and user.

Times have changed: spying on traffic and hacking are all around. It takes less than a few minutes before the first bots try all of their exploit scripts against your IP address. Never think you are not important enough for hackers, because in the first step bots operate on IP addresses without knowing who is behind them. Things will be exploited pretty fast.

Traffic sniffing exposes usernames, passwords and sensitive data, making follow-up attacks very easy and successful.

Traffic encryption with SSL certificates, combined with other prevention methods and modern, state-of-the-art server technologies, is a must for all servers providing services like web access.

So that they can be validated, certificates are signed by a Certificate Authority. Browsers such as Firefox include the certificates of commercial authorities so that they can check a certificate's validity. Without these certificates, browsers would warn that they cannot identify the certificate of your server. This also happens with so-called self-signed certificates.

A warning like this is unacceptable for people visiting a website or any other service.

To operate publicly available services, you need certificates signed by a known authority. You can buy them from different companies. Only those will let the browser show your URL in green without importing any additional CA root certificate.

For web servers accessible from the Internet, the “Let’s Encrypt” authority offers free certificates that, if installed as intended, are fully automated. These certificates are valid for 3 months. Receiving and renewing them can be script-based and fully automated.

Free, no paperwork, and fully automated if professionally installed.

A lot of Let’s Encrypt client software is available, making the use of Let’s Encrypt certificates very easy and straightforward.

Paranoid as I am, I don’t want to install extra software on any server just for updating certificates. Every added software package can be a security risk on a publicly available server, especially if additional programming languages or interpreters are added.

After searching a long time for a great solution, I was able to handle everything by adding only a shell script solution, and finally wrote this e-book for you.

Table of Contents


Legal Notes

Introduction SSL Certificates

Firewall Setup (Optional)
  Description of firewall ports

Setup of this guide – Our Goal
  Network setup
  Our final setup

Prepare your operating system
  FreeBSD
  Linux
  Linux & FreeBSD

Building Run_Certs.sh
  Run_Certs.sh in detail (copy & paste it)
  Creating our config file
  Creating our domains.txt file

Prepare the web server
  Preparing Apache for Run_Certs.sh
  Create .well-known in document root

Create hook.sh
  hook.sh for FreeBSD or Linux
  hook.sh for Plesk servers
  Plesk automation explained

Create the first certificate

Configure Apache to use certificates

Checking Plesk servers

Automate the process of renewing

More Features

About The Author

Other Books By (Author)

Link List for this e-book
  Let’s Encrypt – Project
  Dehydrated Project
  FreeBSD Project Page

Can I Ask A Favour?

About The Author

Karl M. Joch is the founder of CTS GMBH, with more than 30 years of experience in national and international projects. He has worked in over 15 countries.

A CTS Solutions IT-Pro Book