Happened a few weeks ago but still awesome.

Me and a good friend have a website together but we don't monitor it too much.
He studied with me in the same class but went towards frontend/apps where I chose backend/servers/security. He knows how to do basic Linux stuff but that's about it.

We were at a party when he noticed that our site was offline. Walked over to me (because I manage the server) to notify me so I could look into it said I'd look into it (phone):
*visits site: nothing*
*online dig tool: got the server ip*
*remembered this one didn't have pubkey authentication - after three passwords attempts I'm in*

"service apache2 status"
*service doesn't exist*
*right, migrated this one from Apache to nginx....*
"history"
*ah, an nginx restart probably suffices...*
"service nginx restart"

BAM, site is reachable again.

*god damnit, lets encrypt cert expired...*
"history"
*sees command with certbot and our domain both in one*
"!892"
*20 seconds later: success message*
*service nginx reload*

BAM, site works securely again.

"Yo mate, check the site again"

Mate: 😶 w-w-what? *checks site and his watch* you started less than two minutes ago...?
Me: yeah..?
Mate: 😶 now this is why YOU manage our server and I don't 😐

His face was fucking gold. It wasn't that difficult for me (I do this daily) but to him, I was a God at that moment.

Awesome moment 😊

TGFLE - Thank God for Let's Encrypt

I respect what they're doing, and the certbot they offer.

Ah certbot you sexy pain in the ass.

# certbot renew
> "Error: unable to parse files ..."
> 2 certificates renewed.

🤔I don't know how you worked, but you keep working!!

Don't play with certificates on Friday.

Holy shit getting ssl is easy these days.o.o

I'm a "published" freelance dev!

Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.

It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.

It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.

The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.

All together, it's a lot of value for about $100 a year.

Finally stopped procrastinating and setup my personal site with HTTPS!

Why didn't I do this ages ago?

Did anyone else notice how setting up a letsencrypt.org certificate for a domain became a lot easier as this year went on? Certbot + automatic renewal was set up in four commands on my RasPi, I remember it being more difficult to set everything up 🤔

could never figure out how to configure ssl because of google clouds insanely complicated documentation.

today i found a digital ocean guide that explains its a simple installation of certbot, run it once and set it to auto renew....

fuck you google

Set up an Ubuntu AWS ec2 instance running nodejs reverse proxied by nginx, kept running by pm2 and SSL provisioned by certbot.

I know that sounds like nothing but buzzwords but it really felt awesome to get a little node app stack sorted out!

I don't fucking understand why certbot never seems to renew my domains. I try everytime I get one of them anoyying emails but still fail.

Currently trying while watching the webroot and apache logs. Nothing fucking happens. Someone experience with these problems?

I found out that apache had built-in support ( via a module - mod_md ) for automatic TLS certificate management with Let's Encrypt since October 2017.

Bloody Hell! Why didn't I hear of this sooner?

So, I ran off into my cloud to set up this so-called ManagedDomain ( mod_md ).

Found the module in the package repositories, installed it and started testing it out.
I started writing IfModule conditions under mod_ssl so that I wouldn't have to overwrite my existing TLS configurations ( which was already issued by Let's Encrypt via certbot, by the way ).

After a whole night of twisting and turning with the configurations, it turns out that the module in the package repositories were built for ACMEv1 and that API has been dead for as long as the module has been around.

I had noticed that the module was 'experimental', but I still hoped that they had the packaged the module.

Finally, I cozied back up with certbot. At least, until this so-called mod_md becomes stable and mainstream.
I hope certbot doesn't make a fuss. I'm sure, it got offended that I was trying to cheat it with mod_md.

!help

Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?

I've got the cert generated and Apache to serve it but it's giving me errors.

I need to bind it in azure somehow but I can't figure out how to export the cert.