Let's encrypt!

Introduction

I am using fabric to automate the installation and configuration of my server. I use Python for a lot of things, and the more I can do in one language the more proficient you get in that language. So when looking for a tool to allow scripting of software installation, fabric and cuisine were a natural fit for me.

I might blog on that in the future, but for now, I would like to start with enabling SSL on a webpage that is served using Apache.

Why SSL?

Normal web traffic is unencrypted. This means that anyone between your machine and a web server is able to look at the content you are requesting from the server. And with the revelations of Snowden, we know that this actually happens a lot. So let's make the internet a better place by encrypting the connections from our servers. For a blog it might not even make too much sense, but as you will notice I host more services for myself and those I really want encrypted. Previously, I used self signer certificates, but those are not recognised by the browsers and other software might not always support self signed certificates.

Let's encrypt

Enter Let’s Encrypt. Let’s Encrypt is a free, secure and automatic way to get SSL certificates that are recognised by all modern browser and operating systems.

They provide open source tools to automatically retrieve and install the certificates on your server.

In this post, I will show the Fabric script I have created and explain the structure of the script.

I basically follow the guide lines mentioned here.

The fabric script looks like this:

from fabric.api import *
from cuisine import *

def configure():
    install_packages()
    clone_git()
    cleanup()

def install_packages():
    package_ensure("git")

def clone_git():
    run("mkdir /tmp/git")
    with cd("/tmp/git"):
        run("git clone https://github.com/letsencrypt/letsencrypt")
    with cd("/tmp/git/letsencrypt"):
        with mode_sudo():
            run("./letsencrypt-auto")

def cleanup():
    run("rm -rf /tmp/git")

Just call the configure function using:

fab -f letsencrypt.py configure.

Happy encrypting!