Skip to content

Let's Encrypt

Created: 2022-04-06 19:33:55 -0700 Modified: 2022-04-06 19:46:35 -0700

(kw: letsencrypt, let’sencrypt)

I ran these instructions when I wanted to set up https:// and wss:// servers on a GCP VM. They come from here. It involves CertBot. This should not take a long time to set up as long as you follow the instructions and know how to let Let’s Encrypt hit your machine without the firewall stopping it.

  • sudo apt install snapd
  • Restart your session (I killed all screen windows)
  • sudo snap install core
  • sudo snap install hello-world
  • hello-world
  • sudo snap install core; sudo snap refresh core
  • sudo snap install —classic certbot
  • sudo ln -s /snap/bin/certbot /usr/bin/certbot
    # The following is only because of my specific setup so that I wouldn't have to set my PATH for my sudo user. Unalias it if you run into any issues like "env: No such file or directory".
    alias sudo='sudo env PATH=$PATH'
  • sudo certbot certonly —standalone
    • Try with —test-cert first so you don’t blow through your rate limit of 5/hour
    • It will automatically start its own webserver to serve the well-known challenge file (something like Do not try serving this yourself! CertBot will handle it for you. If it can’t connect, then you may have to open firewall ports, change iptables, change your nginx configuration, etc. This is why you should use “—test-cert” at first, but remove the flag once you’ve confirmed it works.
  • From here, you’ll get cert.pem and key.pem files in /etc/letsencrypt (check the output of CertBot to see exactly where they were put). You can easily use these to start an https:// server, even for websockets (see this example. Note that I didn’t have to handle “upgrade” events at all for the April Fool’s 2022 code, although I don’t have it anymore since I only wrote it on the VM that I terminated).

This happens when the certificate doesn’t chain to a trusted authority. In other words, you almost certainly tried using a —test-cert certificate when you meant to use a production one.