The Woes Of Relying On SSL “Services”

I had struggled to get SSL up and running on my server for years. I could generate self-signed certs and use them no problem, but getting actual certs working seemed to elude me. For some time now, everyone uses the great certs, and I wanted in on that as well. About 6 months ago I finally got them working thanks to a link I found in a WordPress plugin I had installed for SSL within WordPress. I finally had gotten legit working (not self-signed) certs for my server through the website. It was great. All my woes attempting to get certbot working on Slackware virtually disappeared. It created my certs, I installed them and they worked great right away!

Only when I went to renew them this time as they expire in 10 days, I noticed the site had changed on me. No longer was the free (awesome) service I found to generate my certs there but a shell of that service now with tiered payment plans (for a FREE certificate CA, at that!) For my sitewide wildcard cert, they now wanted $50 a MONTH for a cert only good for 3 months! Fucking insanity. Some poor sap like me has likely been put in a hell of a bind as a result of this shady bullshit. How one can take a free software initiative and turn it into a for-profit scam is beyond me, but I find it repulsive. We all have to make money, I get it. But destroying a useful gateway to a free to anyone cert signing service is downright disgusting practice.

So now I had to really figure this cert stuff out. Within 10 days at that.

I must point out, I don’t really need SSL on this server, I do use it mostly for personal security and the security blanket it provides users who see that nice little green lock icon and know they are getting safe content when they come here. That’s worth something, I think.

My issues stem from using a Linux distro that basically no one in the Linux industry uses for actually running any kind of server. Since I use Slackware, I’m basically a black sheep in a crowd of other black sheep (That’s me in the corner…). So certbot or any of the other ACME clients out there are not tailored or even support the basic utilities of my OS, so getting anything even running is a miracle in and of itself.

But that is when I found a great write-up by Slackware guru AlienBob, It took most of my free hours the past two days to work through setting this all up and testing it with my config, but I’ve got it running at this point. It will be a few months before I see if all the cron jobs go off without a hitch and it renews everything for me, but this article was a complete lifesaver. I’m genuinely happy there are people out there writing this kind of content still. Most things I’ve had to go and dive into a hole and sink or swim with Slackware, and this is one time where I didn’t have to do that for a change, and I still walked away learning something.

So I’d just like to thank AlienBOB for the write-up and also for writing a script without 17 dependencies that finally enabled me to setup and maintain working SSL certs on this server. And as usual I’ve learned it best to stay away from a “free” service and just go learn it yourself, it’s more rewarding and always pays off in the end!

Leave a Reply

Your email address will not be published. Required fields are marked *