LetsEncrypt--good ssl certs

So I bought a domain, and I pointed it at my server with NAT etc. All is well except that the cert is self-signed. Has anyone gotten letsencrypt working on turnkey? I don’t want to reinvent the wheel if someone has figured it out. Can we get that as an added feature?

First question: can you verify your ISP does not block port 80 or 443? The simplest approach for letsencrypt validation is through a letsencrypt-provided file and the ‘standalone approach’ that pings home and verifies you are who you are, and you have control of the web server at that address.

If you don’t, you can temporarily switch to the letsencrypt branch of mineos-node which leverages the “webroot” approach. If all else fails, you have to use a non-MineOS-related approach, or in other words, the “manual” approach listed on the letsencrypt documentation.

One thing to keep in mind: letsencrypt offers numerous ways to get a cert.

Apache/nginx: you can still use this to get a validated cert, but since they’re not used by MineOS, it would mean you setting up these web servers, getting the letsencrypt validation, then taking down/uninstalling the web servers. It’s not likely worth the effort / potential to mess up your servers. But if you wanted to run a VM to do that, it’s possible.

Standalone: this is your best bet if 80 or 443 is open with your ISP. It is unquestionably the most straightforward way to get the certs, whose file paths you would then just enter in the mineos.conf.

webroot: this is the approach MineOS uses in that branch I linked above. If it doesn’t make immediate sense to you after reading the letsencrypt docs, you probably should lean toward…

manual: it doesn’t matter what web server you’re using to letsencrypt. nodejs’ web server just cares about the cert you produce.

The web server that drives this support forum and the wiki runs off letsencrypt certs, but there have been no mentioned attempts at end-users installing this on MineOS here on the forums.

I’ll give that a whirl. I am not blocked on 80 or 443.