The main purpose of this article is to enable you to use a valid SSL certificate for web-based services on your seedbox and to remove the browser warnings that the connection isn't secure (even though it actually is).

When you access any web-based service on your seedbox for the first time, your browser will warn that the connection is not secure and that the SSL certificate cannot be trusted.
Instead of adding a permanent exception (which is also fine, and will get the job done) the first time you access the seedbox from each new browser or computer, we will show you how to register a free DNS domain and then use a valid SSL certificate on your seedbox.

Step 1: Register seedbox name in DNS

We will use a free No-IP account: up to 3 domain names can be registered free of charge.

Register / Sign in: https://www.noip.com/

Then you need to Add a new Host:

  1. Choose the name for the seedbox.
  2. Choose the subdomain.
  3. Enter the IP address of the seedbox.

Step 2: Install No-IP DNS client on the seedbox

To execute the install commands on your seedbox, log in to it with an ssh client using the root user credentials, or start the konsole emulator while logged in via a Remote Desktop client.

Once logged in, type the following commands (one per line):

apt-get update
apt-get -y install build-essential
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar zvxf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
make install


Output:

if [ ! -d /usr/local/bin ]; then mkdir -p /usr/local/bin;fi
if [ ! -d /usr/local/etc ]; then mkdir -p /usr/local/etc;fi
cp noip2 /usr/local/bin/noip2
/usr/local/bin/noip2 -C -c /tmp/no-ip2.conf

Auto configuration for Linux client of no-ip.com.

Multiple network devices have been detected.

Please select the Internet interface from this list.

By typing the number associated with it.
0       venet0
1       tun0

Choose 0

Please enter the login/email string for no-ip.com  

[email protected] (mail address used for registering no-ip account)

Please enter the password for user '[email protected]'

password (that you have used for registering no-ip account)

Only one host [xxxxxxxxxx] is registered to this account.
It will be used.
Please enter an update interval:[30]  
Do you wish to run something at successful update?[N] (y/N)  

Press Enter or type N

New configuration file '/tmp/no-ip2.conf' created.

mv /tmp/no-ip2.conf /usr/local/etc/no-ip2.conf


Allow the No-IP client to start at boot by typing this line:

echo -e '#!/bin/bash\n\nnoip2' > /etc/rsb.init.d/noip2.sh


Step 3: Let's Encrypt certificate

Now you have to add the Let's Encrypt engine and a certificate for your new domain name. Issue these commands too while logged in to the seedbox via an ssh client as the root user.

add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get -y install python-certbot-apache

Certbot uses plain HTTP authorization during the initial certificate request routine, so the web server has to answer on port 80 while the request runs.

To temporarily enable the HTTP web server on port 80, type these commands:

a2ensite 000-default
systemctl reload apache2

Request a certificate for the domain 'name.subdomain.xxx' (the one you created on no-ip.com), replacing YOUR_EMAIL_ADDRESS with your own e-mail address:

mkdir -p /etc/letsencrypt/live
certbot -n certonly --apache -m YOUR_EMAIL_ADDRESS --agree-tos -d name.subdomain.xxx


Step 5: Certificate renewal script

The certificate from Let's Encrypt is valid for 90 days, so let's schedule the renewal routine to run every day at 3:15am.
The web server configuration is reloaded automatically after each successful certificate renewal.
Entries in /etc/cron.d need a user field after the schedule, so the job below runs as root.

echo -e 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n\n15 3 * * * root /usr/bin/certbot renew --quiet --post-hook "systemctl reload apache2"' > /etc/cron.d/certbot

Step 6: Disable http Web server on port 80

Now it is time to return the web server to running on the secure port only.

a2dissite 000-default
systemctl reload apache2

Modify the web server configuration: in the following commands, replace NAME.SUBDOMAIN.XXXX with your registered No-IP domain.

sed -i -e 's,\(\s*\)SSLCertificateFile.*,\1SSLCertificateFile /etc/letsencrypt/live/NAME.SUBDOMAIN.XXXX/fullchain.pem ,' /etc/apache2/sites-available/rsb.conf
 
sed -i -e 's,\(\s*\)SSLCertificateKeyFile.*,\1SSLCertificateKeyFile /etc/letsencrypt/live/NAME.SUBDOMAIN.XXXX/privkey.pem ,' /etc/apache2/sites-available/rsb.conf
 
systemctl reload apache2
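
A guarded variant of the two sed edits above, added here as an example and not part of the original article: it refuses to point Apache at certificate files that do not exist (which would make the reload fail) and restores the configuration if the directives were not found. The function name use_le_cert and the LE_LIVE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. LE_LIVE and use_le_cert
# are names chosen for this illustration.
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"

# use_le_cert DOMAIN CONF
# Returns 0 on success, 2 for a bad domain, 3 when the certificate files
# are missing, 4 when CONF has no SSL directives (CONF is then restored).
use_le_cert() {
    domain=$1 conf=$2
    # Accept hostname characters only, so the value is safe inside sed.
    case $domain in
        ''|.*|*..*|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    dir="$LE_LIVE/$domain"
    # Check that certbot actually produced both files before editing.
    for f in fullchain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 3; }
    done
    cp -p "$conf" "$conf.bak" || return 1
    # Same substitutions as the article, anchored to the start of the line.
    sed -e "s,^\([[:space:]]*\)SSLCertificateFile.*,\1SSLCertificateFile $dir/fullchain.pem," \
        -e "s,^\([[:space:]]*\)SSLCertificateKeyFile.*,\1SSLCertificateKeyFile $dir/privkey.pem," \
        "$conf.bak" > "$conf"
    # Both directives must now reference the Let's Encrypt files.
    if grep -q "SSLCertificateFile $dir/fullchain.pem\$" "$conf" &&
       grep -q "SSLCertificateKeyFile $dir/privkey.pem\$" "$conf"; then
        return 0
    fi
    cp -p "$conf.bak" "$conf"
    echo "directives not found in $conf, backup restored" >&2
    return 4
}

# Usage on the seedbox (run as root):
# use_le_cert name.subdomain.xxx /etc/apache2/sites-available/rsb.conf \
#   && apache2ctl configtest && systemctl reload apache2
```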

Done. Now check that the HTTPS web server works.

NOTE: You will have to do steps 2 to 5 each time you request reinstallation of the seedbox, or if you reinstall the seedbox yourself, since all data on the seedbox will be wiped.


Enjoy! 😃
