Getting a free SSL certificate for my Ghost blog using letsencrypt and certbot
For some time I have been worried about the risk of someone snooping my username and password for editing my home-run Ghost blog.
If someone got hold of my username and password, they would be able to post on the blog. Not a good thing, right?!
My blog is running on the Ghost blogging-platform, hosted on my personal CentOS Linux server.
Ghost uses NodeJS for the internals, and between the browser user and NodeJS, I have the Apache HTTP server.
I have just enabled SSL on the blog, and it was extremely easy. Total work time was just under an hour.
I used the free Certbot tools and the free letsencrypt certificate authority.
So a quick overview of what needs to be done to get it working:
- Allow HTTPS traffic in any firewalls involved - to the web server
- Enable EPEL on CentOS Linux
- yum install certbot-apache
- certbot -apache
- Answer a few questions
After this, the server is running your site with HTTPS.
You should create a daily cron job that will renew the certificate(s).
I just created a file in /etc/cron.daily/certbotrenew
containing
- certbot renew