
Let’s Encrypt (Certbot) Support Is Finally Here

January 2, 2020

Although we mentioned a few weeks back that so many customization options are now supported that it would be difficult to announce them all individually, the latest support for Let’s Encrypt via the Certbot installation API is such a big feature (and has been requested for many months) that we are making a specific blog post just for this.

We thought it was the perfect way to start off 2020 by announcing Let’s Encrypt support! 🙂

We have been testing it for several weeks to ensure that it is not only a stable implementation, but also receives a consistent A+ grade on the SSL Labs testing tool.

Keep in mind that the primary goal of SlickStack will always be simplicity and stability. We want it to “just work” so that various integrations can easily be added as desired while the core features remain extremely stable. This means that a self-signed OpenSSL certificate will always be the recommended SSL certificate, unless at some point in the future SSL validation becomes A LOT easier than it is now. While Let’s Encrypt has done a decent job of making SSL free and (kind of) easy to install, it is still a very long way from being truly simple and easy to set up. Therefore OpenSSL, since it is included by default in both Ubuntu and Nginx and does not require any third-party CA signing, will remain our preferred SSL method. We are simply very lucky that CloudFlare’s free SSL proxy “signs” the OpenSSL self-signed certs, because no other SSL proxy services do this currently. We are hoping more will in the future, but not yet.

Thus, with all this in mind, SlickStack considers Let’s Encrypt to be a “backup” SSL method, or a temporary SSL method for testing and development. We expect and assume that CloudFlare is already activated on your domain before you generate a Certbot SSL certificate for it. In other words, OpenSSL + CloudFlare must be set up prior to requesting Certbot so that Certbot can properly verify your domain ownership via /.well-known/ before proceeding. Since SlickStack is HTTPS only (port 443), there is no way around this currently.
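A preflight for the /.well-known/ verification step described above, as an added example that is not SlickStack's own code: it writes a random probe file under .well-known/acme-challenge/ in the web root and fetches it back over the site's public HTTPS URL, so a broken alias, rewrite rule or proxy setting shows up before Certbot is run. The web root path and URL given on the command line are assumptions; substitute your own.

```python
"""Preflight for Certbot webroot validation on an HTTPS-only site (added example)."""
import secrets
import sys
import urllib.request
from pathlib import Path

# Directory the ACME HTTP-01 challenge is served from (RFC 8555).
CHALLENGE_DIR = ".well-known/acme-challenge"


def preflight(webroot, base_url, timeout=10.0):
    """Write a random probe file into the challenge directory and fetch it back.

    Returns (ok, detail). The probe file is removed whether or not the fetch works.
    """
    challenge_dir = Path(webroot) / CHALLENGE_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "preflight-" + secrets.token_urlsafe(16)  # unguessable file name
    body = secrets.token_urlsafe(32)                 # unguessable file content
    probe = challenge_dir / name
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        # urlopen verifies the TLS certificate by default, so an https:// fetch
        # only succeeds if the public endpoint presents a trusted certificate.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read(4096).decode("utf-8", "replace").strip()
    except OSError as exc:  # URLError and HTTPError are OSError subclasses
        return False, f"could not fetch {url}: {exc}"
    finally:
        probe.unlink(missing_ok=True)
    if served != body:
        return False, f"{url} returned unexpected content (rewrite, cache or error page?)"
    return True, f"{url} is served from {challenge_dir}"


if __name__ == "__main__":
    # Placeholder usage: python3 preflight.py /path/to/webroot https://example.com
    ok, detail = preflight(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```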

In the future, we plan to support the DNS verification API from Certbot. That said, again, OpenSSL and CloudFlare are still our recommended default.

Thanks for your patience and all your feedback… let us know about any issues on our repo, or Spectrum Chat, etc.
