Generate a Signed SSL Certificate

1. What is This?

If your website doesn't use SSL (HTTPS), then it is bad and wrong. Without SSL, someone on the network can see exactly what a user is doing on the site. For security, a trusted third party has to vouch for your public SSL key so that users know they are talking to your site. This page gives you easy-mode Linux commands to set up SSL.

2. Initial Configuration

First grab the client code.

git clone https://github.com/lukas2511/dehydrated.git
cd dehydrated

Next generate some config files using your $domain.

domain=yourdomain.net
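echo 'WELLKNOWN=$PWD/public_html/.well-known/acme-challenge' > config.sh
echo "$domain www.$domain" > domains.txt

3. Generating Keys

Use sshfs to mount your server's public_html directory on your local machine, so that the challenge files the client writes there are served from http://$domain/.well-known/acme-challenge/. The following generates SSL keys in certs/$domain/.

# Regenerate SSL keys.
rm -fr certs
mkdir -p public_html
sshfs $domain:public_html public_html
# Make sure the challenge directory named in WELLKNOWN exists on the server.
mkdir -p public_html/.well-known/acme-challenge
./dehydrated -c -f config.sh
fusermount -u public_html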
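
Before installing anything, it is worth confirming that the files in certs/$domain/ are what you expect. The following is an added example, not part of the original page or of dehydrated: a shell function (the name check_cert_dir and its arguments are assumptions made here) that uses stock openssl commands to check that privkey.pem is private, that cert.pem matches it, that the certificate is not about to expire, and that it covers every name in domains.txt.

```shell
# Added example (not dehydrated's own code).
# Usage: check_cert_dir certs/$domain 30 $domain www.$domain
# Returns 0 only if every check passes.
check_cert_dir() {
    local dir="$1" min_days="$2" cert key cert_pub key_pub name
    shift 2
    cert="$dir/cert.pem"
    key="$dir/privkey.pem"

    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "FAIL: cert.pem or privkey.pem missing in $dir" >&2; return 1
    fi

    # privkey.pem must grant nothing to group/other (-L follows symlinks).
    case "$(ls -lLd "$key" | cut -c5-10)" in
        ------) ;;
        *) echo "FAIL: $key is accessible to group/other" >&2; return 1 ;;
    esac

    # The certificate must carry the public half of privkey.pem.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: cert.pem does not match privkey.pem" >&2; return 1
    fi

    # The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $(( $min_days * 86400 )) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2; return 1
    fi

    # Every name listed in domains.txt must be covered by the certificate.
    for name in "$@"; do
        if ! openssl x509 -in "$cert" -noout -checkhost "$name" |
                grep -q 'does match certificate'; then
            echo "FAIL: certificate does not cover $name" >&2; return 1
        fi
    done
    echo "OK: $cert"
}
```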

Now install the keys. I have to go to http://$domain/cpanel, log in, click SSL/TLS, click Manage SSL sites, select my domain, and then copy/paste the cert.pem and privkey.pem files into the Certificate and Private Key fields. The file contents can quickly be copied using the first two xsel commands.

cd certs/*/
cat cert.pem | xsel -b
cat privkey.pem | xsel -b
echo 'nothing to see here' | xsel -b  # Clear the clipboard selection.

Don't forget to do a git pull origin master every once in a while to keep the client code updated.