{"id":530,"date":"2022-08-01T20:52:02","date_gmt":"2022-08-01T20:52:02","guid":{"rendered":"http:\/\/blog.miguelsarmiento.com\/?p=530"},"modified":"2022-08-02T13:35:14","modified_gmt":"2022-08-02T13:35:14","slug":"cerbot-haproxy-oh-my","status":"publish","type":"post","link":"https:\/\/blog.miguelsarmiento.com\/?p=530","title":{"rendered":"Certbot, Oh My!"},"content":{"rendered":"<p>A few weeks ago, my Internet router died suddenly.<\/p>\n<p>Not that much of an issue unless you use a custom box as a modem and you have your website hosted on it.<\/p>\n<p>The server I was using for this was a Fedora Core 9 machine. I know, an ancient OS.<\/p>\n<p>The machine itself was not that old; about 4 years ago I found a cheap Intel 386 with ISA support, so I replaced the really old server I had. I was able to migrate to the new box; I was running a hardware RAID setup using an ISA card. Talk about making things complicated.<\/p>\n<p>I initially tried using a virtual server to have things running quickly. I had a backup of the server running on a VMware workstation; however, I could not make it a go for reasons that may merit another blog.<\/p>\n<p>However, I had my old media server lying around, with 4 GB of RAM and 500 GB of disk space. Too much space, but that was the only thing I had. It only had one NIC, but I found a USB to Ethernet dongle.<\/p>\n<p>This time I decided to use HAProxy to present my website and blog and have proper SSL certs for each.<\/p>\n<p><!--more--><\/p>\n<p>There are plenty of recipes, if you Google them, that walk you through how to install HAProxy and use Certbot.<\/p>\n<p>However, I had some issues when implementing those solutions. 
Not with the methodology per se but with syntax and the usage of the Certbot application.<\/p>\n<p>My new modem is an Ubuntu server running version 20.0.4; it is a standard install running NetFilter, using NAT and dual-stack (IPv4 and IPv6).<\/p>\n<p>The web and blog servers sit behind it, thus running either Apache or HAProxy as a reverse proxy was a must.<\/p>\n<p>After I had HAProxy up and running and had tested that I could access my websites from the Internet, my attention turned to getting certs using Certbot.<\/p>\n<p>The first issue I encountered was that unless you are using one of the plugins Certbot supports, there is no way to obtain a wildcard certificate.<\/p>\n<p>The documentation also is not clear; it may look like you could in principle get a wildcard cert manually, however that is not the case.<\/p>\n<p>Not a big deal, I would have to manually obtain certs for my sites, so I tried to get a cert for my blog first; it failed. The issue was the syntax I was using. The articles I read had the wrong syntax.<\/p>\n<p>After some trial and error, I hit the correct syntax.<\/p>\n<pre># Standalone authenticator answering the HTTP-01 challenge on local port 8888\nsudo certbot certonly --standalone \\\n--preferred-challenges http -d www.example.com \\\n--non-interactive --agree-tos \\\n--email johnsmith@example.com --http-01-port=8888<\/pre>\n<p>The syntax above allowed me to obtain certs for both sites.<\/p>\n<p>The end result is that now I have both my website and blog using SSL certs.<\/p>\n<p>Of course, you need some way of renewing the certs and attaching the renewed certs, etc., but that will be the subject of another blog hopefully.<\/p>\n<p>Ciao.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few weeks ago, my Internet router died suddenly. Not that much of an issue unless you use a custom box as a modem and you have your website hosted on it. The server I was using for this was a Fedora Core 9 machine. I know, an ancient OS. 
The machine itself was not &hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-530","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=530"}],"version-history":[{"count":12,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/530\/revisions"}],"predecessor-version":[{"id":542,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/530\/revisions\/542"}],"wp:attachment":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}