Last week I created a cert using the tools and service made available by letsencrypt.org, and then configured my NFS server to use it. It was pretty easy, but not documented. I’ll share here what I did to make it work.
I am able to SSH into the nearlyfreespeech server. I can also perform a git clone from that server to get the letsencrypt tools. But when I ran the letsencrypt-auto tool from the server, it didn’t do what I wanted it to do. This was my first time with the tool, and I’m unfamiliar with the options, so maybe it was just pilot error.
In any case, I solved it by running the tool on my Mac OSX machine and transferring the generated PEM files to the server.
- I ran git clone on my local workstation (Mac OSX)
- from there, I ran the letsencrypt tool with these options:
./letsencrypt-auto certonly --manual \ -d www.dinochiesa.net -d dinochiesa.net \ --email email@example.com
- follow the instructions. I needed to create endpoints on my NFS server that responded with specific values.
- when that completed, I had the cert and keys in PEM format. I then copied them to /home/protected/ssl on the NFS server
- opened a service ticket on NFS as per This FAQ
- a couple hours later, the NFS people had completed the SSL config for me
Maybe this will help someone else.
It’s possible that I could have used the –manual option on the NFS Server, and avoided the need to transfer files. Not sure. If anyone else has done this, I’d like to know. I will need to renew my certs every couple months.
I really pleased about the letsencrypt service. I hope it gets used widely.