Pi-Box and SSL

So you have setup your Raspberry Pi and got LAMP (Linux, Apach2, MySQL, PHP) running. This means you more then likely have a small website of some sort running, either for local use or external use. Well if you are using it for external use so others can see it outside of your network, you may want to setup SSL. For this little side project I am going to use the community Pi-Box and Let’sEncrypt.

Setting up CertBot

First you will want to update your packages list and check for any system updates.

sudo apt update

if their are available updates you will then want to proceed to update your system.

sudo apt dist-upgrade

Apache Certbot plugin

This will install the Certbot’s apache plugin to get certbot to correctly work with apache when trying to get your SSL certificate.

sudo apt install python-certbot-apache

Installing Certbot Itself

What’s the use of installing a plugin for Certbot if you don’t have or use Certbot? Certbot is what we use to get our SSL certificate setup with Let’sEncrypt and is a great help since it and Let’sEncrypt is both free.

sudo apt install certbot

Setup the SSL Certificate (Finally)

Alright, now it is time to officially accept the SSL certificate and standard for Pi-Box’s website.

sudo certbot --apache

This should setup your certificate IF the challenge doesn’t error out with

If Error Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

In my case it did so to fix this you will run the below command instead

sudo certbot --authenticator standalone --installer apache -d <domain> --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Just follow it’s prompts as you did in sudo certbot --apache and visit your domain with https instead of http. It’s also worth using the secure option when promted which will redirect all traffic to https.