I haven’t been here in a while. Quite a while ago I tried using Let’s Encrypt on my AWS Lightsail server and had a hard time with it. I eventually gave up and have used a commercial (low priced) cert for the past few years. It has been working well. I have occasionally run into some issues while developing and RapidSSL (who I bought it from) has been useless. Their typical answer is “ask the developer”, which is me.
Now I have purchased an Ubuntu laptop where I am hoping to do some additional development on my webapp locally. The uploading to AWS to develop was killing me! So my question is:
Are there instructions specifically for Ubuntu 18 users for LE? I have found in my 1.5 year journey (with much pain due to using Bitnami) that I can often find instructs for Linux but the directories in the instructs are named slightly differently from my “stock ubuntu” configuration. This means I need to improvise which leads to hours and hours of trial and error, and frustration.
Will LE work without a domain, and if not, how do I create a domain for my laptop’s localhost server? I clearly have a domain (or two) that I use with AWS, but I sincerely don’t want to break my up and going AWS site through wrong headed trial and error. If it can’t be done on localhost, just say that and I’ll start saving the change in my pocket to buy another cert (if I have to), so I can continue testing. From my last experience with LE I know that you guys are superhelpful and knowledgeable and I want to make sure that what I am trying is possible before I pull the “rest of my hair out” trying it.
If you want to use a publicly trusted certificate, you need a public, worldwide unique domain name. Let's Encrypt must check if you control the domain. Doing that via dns-01 validation, you don't need a publicly visible web server.
But if you are the only user of that domain: Create a self signed certificate and an exception in your browser.
To develop things: If you have a publicly visible website, create a subdomain dev.yourdomain.com, then a certificate with that name, then install the certificate locally and add a hosts entry dev -> 127.0.0.1
But if you are the only user of that domain: Create a self signed certificate and an exception in your browser.
That would be perfect! Do you know of any instructions of how to do that on Ubuntu? The only reason I need SSL on my personal server is because OAuth2 requires it!
Thanks. I did the search you recommended. The main issue I am having is that when creating the self signed cert I am required to give a Common Name, which should be the PUBLICLY ACCESSIBLE IP address or domain. As I said this is localhost, 127.0.0.1. There is no public access. I am not sure if Common Name is just a placekeeper or it actually must be communicated with? If it must be communicated with from the outside world, I am not sure how to do that?
A self-signed certificate can have any value in the CN; it doesn’t need to be validated or confirmed by anyone else. It’s valid to create one for localhost.
Now create an exception in your browser or client you use.
I am super confused. I can get into my website at https://localhost/sub_crud. It brings up a "not secure" with a triangle and an exclamation point. It also crosses out the https in the browser address window. If I click on the Not Secure-view site information it says that the certificate has been verified (see the image). Not that this matters since my real issue is with my Extension communicating with Google's server. OAuth2 REQUIRES that I use SSL on my server. At first I thought it was a problem with my Google credentials. How can I tell if my server is supporting SSL? Getting a message: NET::ERR_CERT_AUTHORITY_INVALID is not very comforting.
@richb201, a self-signed certificate is not automatically trusted by any software. It is, in fact, invalid by default. However, you can add trust to this certificate in a particular web browser (confirming that it’s the one that you personally intended to use for this purpose).
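The self-signed setup discussed in this thread, as an added example that is not part of any original post: it creates a certificate for localhost and uses `openssl verify` to show that the certificate is rejected by default and accepted only once it is explicitly supplied as a trust anchor, which is what a browser exception does. The file names, the 30-day lifetime and the subjectAltName entries (current browsers match the host name against these rather than the Common Name) are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: self-signed certificate for a local development server.
# File names, key size and lifetime are choices made for this sketch.

# make_localhost_cert DIR: writes DIR/localhost.key and DIR/localhost.crt
make_localhost_cert() {
    cat > "$1/localhost.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = localhost
[v3]
subjectAltName = DNS:localhost, IP:127.0.0.1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$1/localhost.cnf" \
        -keyout "$1/localhost.key" -out "$1/localhost.crt" 2>/dev/null &&
        chmod 600 "$1/localhost.key"
}

# cert_names CERT: prints the names the certificate is valid for
cert_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1
}

# trust_status CERT [ANCHORS]: prints "trusted" or "untrusted".
# Without ANCHORS only the system trust store is consulted.
trust_status() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi && echo trusted || echo untrusted
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_localhost_cert "$demo"
echo "names:          $(cert_names "$demo/localhost.crt")"
echo "default store:  $(trust_status "$demo/localhost.crt")"
echo "explicit trust: $(trust_status "$demo/localhost.crt" "$demo/localhost.crt")"
rm -rf "$demo"
```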