Install Free LetsEncrypt Certificates on WebFaction

Let’s walk through the process of using Let’s Encrypt Free SSL Certificates on WebFaction:


Part1: Install and Configure “letsencrypt-webfaction” on Your Server:

Step 1) Visit Will-in-wi’s “letsencrypt-webfaction” repository at github and read through the documentation to get a grasp of the software you’re installing.

Repo: https://github.com/will-in-wi/letsencrypt-webfaction
Wiki: https://github.com/will-in-wi/letsencrypt-webfaction/wiki

Step 2) Login to your server via SSH and run the following command to install the letsencrypt_webfaction package via the RubyGems package management site:

GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction

Step 3) Add the following to ~/.bash_profile (using, for example, an FTP client or your favorite text editor):

function letsencrypt_webfaction {
    PATH=$PATH:$GEM_HOME/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
}

Step 4) Create a new config file for your certificate defaults in your home cd ~/ directory called “LetsEncrypt_Config.yml” with the following content:

key_size: 4096
# We need an ACME server to talk to, see github.com/letsencrypt/boulder
endpoint: 'https://acme-v01.api.letsencrypt.org/'
domains: []
public: ''
output_dir: '~/LetsEncrypt_Certs/'
letsencrypt_account_email: 'me@mymail.com'
api_url: 'https://api.webfaction.com/'
username: 'webfaction_username'
password: 'webfaction_password'
servername: ''
cert_name: ''

Generate A Certificate:

Step 1) 

Copy the code below to your notepad:

letsencrypt_webfaction --config ~/LetsEncrypt_Config.yml --domains {hostName}.com,www.{hostName}.com --public ~/webapps/{hostName}

In NotePad, replace {hostName} with the name your domain:

--domains {hostName}.com,www.{hostName}.com

Then replace {websiteName} with name of your website’s directory or it’s public path:

 --public ~/webapps/{websiteName}

Login to your server via SSH and paste the modified code from your notepad and hit enter.

If successful, a new certificate will appear in your WebFaction dashboard.

Step 2) Login to your WebFaction dashboard and add new Website called {hostName}_https.  Link both versions of your domains (domain.com,www.domain.com).  Switch on the HTTPS setting. Select your new certificate from the dropdown menu and click save.

Step 3) Add the following code to your .htaccess file to insure SSL is turned on and people are redirected to the www.domain.com version of your site.

# BEGIN SSL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL

Step 4) You can add a cron job to re-issue the certificate every three months automatically. Connect to your server via SSH and edit your crontab by executing the following command:

crontab -e

Then type i to switch to insert mode.

Copy the code below to your notepad:

0 4 1 */2 * PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction --config ~/LetsEncrypt_Config.yml --domains {hostName}.com,www.{hostName}.com --public ~/webapps/{websiteName}

0 4 1 */2 * represents the time your job will execute. See: https://crontab.guru

This would run at 4 a.m. on the first day of January, March, May, July, September, and November. Certificates expire three months after issuance, so modify as desired (for example, you may want to run the task every two months initially, to be sure that everything is working before extending the period). Change the date of the Cron task so that WebFaction staff don’t simultaneously receive all certificate change requests on the first day of the month.

In NotePad, replace {hostName} with the name your domain:

--domains {hostName}.com,www.{hostName}.com

Then replace {websiteName} with name of your website’s directory or it’s public path:

 --public ~/webapps/{websiteName}

Switch back to your Terminal SSH session and move the insert cursor to end of screen and hit enter to create a new line. Then paste the modified code from your notepad.

If you want to be notified upon failure paste in the following code at top of your crontab:

MAILTO=you@youremail.com

Once you’re done editing your crontab type esc, then type :w to write the crontab and type :q to quit the editor.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *