Ssh On Tommy

[albrox]

I've read that Tommy supports SNI and as such certificates from Let's Encrypt can be installed free of charge: http://www.helionet.org/index/topic/26572-will-heliohost-support-lets-encrypt/.

 

Could somebody please point me in the right direction as to how to actually a certificate up and running? I've been looking around for a while but all the Let's Encrypt tutorials I can find require either SSH access to the server or some sort of cPanel plugin, neither of which are available options as far as I can tell. Installing the certbot client on a local Linux machine and attempting to generate a certificate from there didn't seem to work either.

 

Anyway, seeing as it seems to be possible based on the link above, I thought I would reach out to see if anyone has got this working and could lend a hand - I'd really appreciate it. Maybe I'm just missing something obvious. Any ideas?

 

[wolstech]

You have to generate the cert yourself and upload it in cpanel since we don't support doing it in SSH or cpanel. You're on the right path trying to get certbot running on a Linux box. I don't know of anyone here who has discussed the process though.

[Krydos]

The easiest way is to use a gui type site tool like https://zerossl.com/free-ssl/#crt They use Let's Encrypt under the hood. First type in your domain and follow the easy steps. Use the cpanel filemanager https://tommy.heliohost.org:2083/frontend/paper_lantern/filemanager/index.html to create the .well-known/acme-challenge folder and the random character file with random character content to prove you own the site. Then zerossl will generate your private key, public crt, and your chain file so you can just copy paste it directly into https://tommy.heliohost.org:2083/frontend/paper_lantern/ssl/install.html One tricky thing is they give you the .crt and the .ca in the same box so if you scroll down half way you can see the divider since cpanel wants the three files seperately. You can check if it's correctly installed with this tool https://www.sslshopper.com/ssl-checker.html

Let me know if you need more detailed instructions. If you'd like http://wiki.helionet.org/ access to write up an official tutorial with pictures and step by step instructions as you work your way through the process that would be amazing.

[albrox]

Great, cheers Krydos! Your instructions look nicely detailed and I'll give it a shot tomorrow. As I go I'll take some screenshots and notes. Then if I manage to get through the process successfully I'll let you know - I'd be more than happy to write up a tutorial. If I can't get SSL working, I'll ask for more details.

[albrox]

Hurrah! I got it working. It wasn't entirely smooth sailing though. In the SSL/TLS section of cPanel there are four sections. It turns out only the fourth section "Manage SSL sites" is the only page that is needed (also, even with your advice I stumbled over the crt and ca combination). I am definitely keen to help share this knowledge and would be grateful if you could suggest the best way/location to upload a tutorial to the wiki.

 

Next step is to see if I can get this working on a Linux box. That way, the 90-day renewal can be automated easily. For now, though, ZeroSSL seems to have done the trick thank you!

[Krydos]

Create an account at http://wiki.helionet.org/ and post the username here so I can promote you and then you can create/edit pages.

[albrox]

Created! Username is albrox. I'll create a new page and write up the tutorial when I have a moment.

[Krydos]

Wiki access granted. Let us know if you have any questions or need help.

[albrox]

Great, all set thank you. I thought I'd just run my plan by you just to make sure I don't break anything. Here's what I thought would be a useful way to approach things:

1. Create a new page called "Setting up SSL on Tommy with Let's Encrypt" and add tutorial content.
2. Edit the existing "Using SSL" page, splitting it into the headings: "SNI (Tommy)", with a short description and link to the tutorial; and "Static IP" basically containing the current content. I would also add a quick explanation at the top of the article explaining the difference between the two sections.

Let me know what you think and if it's all good I'll get going.

[Krydos]

Sure, sounds good.

[albrox]

Hey Krydos, I'm trying to upload some screenshots to the wiki but having some difficulties. I get this error message:

Any ideas?

[Krydos]

Thanks for letting us know. There were some permission issues on the wiki directories. Can you upload your images now?

[giteshss2]

The easiest way is to use a gui type site tool like https://zerossl.com/free-ssl/#crt They use Let's Encrypt under the hood. First type in your domain and follow the easy steps. Use the cpanel filemanager https://tommy.heliohost.org:2083/frontend/paper_lantern/filemanager/index.html to create the .well-known/acme-challenge folder and the random character file with random character content to prove you own the site. Then zerossl will generate your private key, public crt, and your chain file so you can just copy paste it directly into https://tommy.heliohost.org:2083/frontend/paper_lantern/ssl/install.html One tricky thing is they give you the .crt and the .ca in the same box so if you scroll down half way you can see the divider since cpanel wants the three files seperately. You can check if it's correctly installed with this tool https://www.sslshopper.com/ssl-checker.html

Let me know if you need more detailed instructions. If you'd like http://wiki.helionet.org/ access to write up an official tutorial with pictures and step by step instructions as you work your way through the process that would be amazing.

 

Thanks a lot Krydos!!!!

You detailed post helped me too for installing SSL on my domain - PERFECTLY!!

I thank you for your work!

Thank you albrox for the topic!

[albrox]

Thanks for letting us know. There were some permission issues on the wiki directories. Can you upload your images now?

Sure can! Thanks for fixing.

[albrox]

Quick update: I've made the changes to the wiki so feel free to take a look and make any changes (or let me know, and I'll get onto it).

• Created new page at http://wiki.helionet.org/Installing_an_SSL_Certificate_on_Tommy_with_ZeroSSL .
• Edited page at http://wiki.helionet.org/SSL .