Lets Encrypt

On CentOS 7, enable the optional channel for the EPEL repository:

yum -y install yum-utils
yum -y install epel-release

Then install certbot:

yum install certbot

Pound as SSL proxy
Edit /usr/local/etc/pound.cfg to redirect Certbot verifications:

Pound SSL Proxy

SSL Encryption
Create a private key to encrypt a site:

mkdir -p ~/.ssl/pound
cd ~/.ssl/pound

Generate an RSA private key for the server:

openssl genrsa -out server.key 2048

Then create the Certificate Signing Request file, or CSR.


Self-Signed SSL Certificates

A self-signed certificate is an identity certificate that is signed by its own creator, rather than paying a certified third-party to sign it.

Instructions adapted from

Rather than paying for an SSL certificate from a signing authority, we'll use a self-signed certificate to provide encryption in Apache. The client's web browser will prompt them to whether the certificate should be accepted or not - if that is going to be a problem, then you'll need to get a certificate from a recognized signing authority.

Create a directory, readable only by root to hold our working files:

mkdir ~/cert
chmod 600 ~/cert
cd ~/cert


SSL with Lighttpd

Use SSL encryption on your Lighttpd webserver.

Lighttpd installation
Lighttpd needs to be configured and compiled with SSL enabled:

./configure --with-openssl
make install

After lighty has been installed, you can confirm that it has been compiled with ssl enabled:

lighttpd -v

SSL Configuration


Secure Drupal login

Make Drupal encrypt your login with SSL.


Port 465

An SSL-encrypted SMTP service so your users can send mail through your server without passing clear-text passwords across the network.

Set up the service directory, download John Simpson's SMTP run script, and set it's permissions:

cd /var/service
mkdir -m 1755 smtp-ssl
cd smtp-ssl
mv service-qmail-smtpd-run run
chmod 700 run

Edit /var/service/smtp-ssl/run and set the appropriate options:



SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?).


Subscribe to RSS - ssl

Recent Updates

  • 1 year 10 months ago
  • 1 year 10 months ago
  • 1 year 10 months ago
    php 8.x
  • 1 year 10 months ago
  • 1 year 10 months ago
    Drop Centos 5/6 stuff