Certbot (Let’s Encrypt client)

Certbot is now supported in SlickStack as a “backup” SSL mechanism. OpenSSL will always remain our default and preferred encryption tool because it’s native to Ubuntu and Nginx, very stable and easy, lightweight, requires no third parties, and is the most safe and secure method out there (self-signed).

In this regard Cloudflare is such an incredible pairing with OpenSSL and a godsend of sorts.

However, at the same time we don’t want to put all our eggs in one basket by relying on Cloudflare. Who knows what political, technical, or other issue will arise in the future, and after all Cloudflare is a commercial service provider and not open source software.

So every SlickStack server will now automatically request and generate a free Let’s Encrypt certificate anytime ss-install is run.

However, OpenSSL will remain the active cert unless ss-config options are changed to Certbot.

Because we want to completely eliminate Port 80 and HTTP, that means the Certbot validation must occur over Port 443 (HTTPS). This is of course impossible, unless you are using their very messy DNS challenge option (unstable), or unless HTTPS is already signed.

Again, this puts us back in the arms of Cloudflare and OpenSSL. So you must always ensure Cloudflare is activated before running ss-install.

Last modified on January 24th, 2021