SSL certificate for AllStarLink
What is SSL
SSL (Secure Sockets Layer) is a security technology that establishes an encrypted connection between a web server (host) and a web browser (client). This encryption ensures that all data exchanged between the two remains private and secure, protecting against hackers, identity theft, and cyberattacks.
What you need
You will need a FQDN configured on your Raspberry Pi or your Router. I am using a Unify USG Ultra, and a free DDNS thru freemyip.com site.
FQDN setup
Go to [freemyip.com free my IP] website and register your domain name, which will be something like my_domain_name.freemyip.com
Save the generated token, there is no way te recover it if you loose it.
It will look like:
https://freemyip.com/update?token=your_unique_password&domain=my_domain_name.freemyip.com
USG Ultra DDNS setup
Go to Settings > Internet > Primary (WAN1) > Dynamic DNS > Create New Dynamic DNS and input the following data.
| New Dynamic DNS | ||
|---|---|---|
| Interface | WAN | |
| Service | freemyip | |
| Host Name | Any Name | |
| User Name | my_domain_name | |
| Password | your_unique_password | |
| Server | freemyip.com | |
Next, go to Settings > Application Firewall > Port Forwarding > Add Rule and forward port 443 Protocol TCP to your AllStarLink node Raspberry Pi IP address.
SSL certificate setup
In this case we are using Certbot which is free but requieres snapd and core. On your AllStarLink node type:
sudo apt update sudo apt install snapd sudo reboot sudo snap install core sudo snap install hello-world
Test the core running the hello world program.
hello-world
If succeeded, now install certbot.
sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot
And now, lets get a certificate.
sudo certbot --apache
It will ask you to input your previously generated FQDN at frremyip.com and your email.
Thats it, now you can go to your node website using your https address.