Ask HN: Easiest and least painful way of adding Lets Encrypt?

by turshija on 1/20/2017, 11:46 PM with 8 comments

I have a Debian box (LAMP) with some legacy PHP sites where I want to put Lets Encrypt SSL. What is the most painful way of doing that without disturbing any site that's currently running on it ? Is there any tool or script which does most of the job so that I don't have to fiddle a lot with Apache/PHP config and risk to break something ? Thanks

  • by patmcc on 1/21/2017, 12:48 AM

    https://caddyserver.com/ - Caddy works pretty nicely, and you should be able to use it as a reverse proxy in front of apache.

  • by codegeek on 1/21/2017, 12:26 AM

    Use this to get exact instructions for your setup:

    https://certbot.eff.org/

  • by stephenr on 1/21/2017, 5:04 AM

    Personally I use haproxy to forward all LE related requests to certbot in standalone mode.

    My email is in my profile if you want to try this and need some help.

  • by hackerboos on 1/21/2017, 8:23 PM

    You can use the certbot on your local machine and setup a txt record on the DNS of the domain.

    Let's Encrypt will verify ownership against that text entry.

  • by Emc2fma on 1/21/2017, 5:12 PM

    Warning for anyone trying to add Lets Encrypt to GCP - absolute nightmare. Would not recommend.

  • by kim0 on 1/22/2017, 1:09 AM

    kube-lego for kubernetes is just awesome!