Adding SSL using certbot and letsencrypt
Normally, things do not work this easily and I am still waiting for a catch.
*Note* They do not however recommend these types of certs if you are hosting a business application that is involved with user privacy information, credit cards, etc.
After reviewing quite a few articles I decided for webmail, I would not pay for an additional cert.
I currenly have multiple SAN certs which cost a few hundred dollars per year.
Since this is mostly experimental, I am trying the free route.
To begin, you should probably check out additional details on
LetsEncrypt.org
This will explain the process.
The first thing I noticed in the instructions was the pointer for the ACME client called certbot.
You can find out more by clicking the link to certbot on letsencrypt.org.
For Raspberry Pi Buster you need to go to
Buster-Apache instructions page.
In a nutshel, you install the client on your Pi.
sudo apt-get install certbot python-certbot-apache
This will take a little while and download a slew of items.
Once everything has been downloaded, your next command is:
sudo certbot --apache
This will fire off a list of actions and questions. The main thing you need to make sure you have correct is your webserver FQDN or Fully Qualified Domain Name.
This can be something like webmail.mysight.com where mysight.com is the name of your domain.
You will need to have registered an A record in DNS for your FQDN that points to your server IP.
You should also have MX records on your domain that point to your server IP as well.
What is really SWEET with certbot is that it does the entire apache setup for you!
If everything is set on the DNS side of the fence, after a few simple questions, the installation proceeded, I agreed with the letsencrypt terms, answered a few more questions to cerbot and it completed without ANY issues!
The new SSL URL worked perfectly and there are no cert warnings in Chromium.
After paying so much for normal certs, I would certainly recommend sending a donation to these two fine organizations, it worked flawlessly.
