The Woes Of Relying On SSL “Services”

I had struggled to get SSL up and running on my server for years. I could generate self-signed certs and use them no problem, but getting actual certs working seemed to elude me. For some time now, everyone uses the great https://letsencrypt.org/ certs, and I wanted in on that as well. About 6 months ago I finally got them working thanks to a link I found in a WordPress plugin I had installed for SSL within WordPress. I finally had gotten legit working (not self-signed) certs for my server through the http://zerossl.com website. It was great. All my woes attempting to get certbot working on Slackware virtually disappeared. It created my certs, I installed them and they worked great right away!

Only when I went to renew them this time as they expire in 10 days, I noticed the site had changed on me. No longer was the free (awesome) service I found to generate my certs there but a shell of that service now with tiered payment plans (for a FREE certificate CA, at that!) For my sitewide wildcard cert, they now wanted $50 a MONTH for a cert only good for 3 months! Fucking insanity. Some poor sap like me has likely been put in a hell of a bind as a result of this shady bullshit. How one can take a free software initiative and turn it into a for-profit scam is beyond me, but I find it repulsive. We all have to make money, I get it. But destroying a useful gateway to a free to anyone cert signing service is downright disgusting practice.

So now I had to really figure this cert stuff out. Within 10 days at that.

I must point out, I don’t really need SSL on this server, I do use it mostly for personal security and the security blanket it provides users who see that nice little green lock icon and know they are getting safe content when they come here. That’s worth something, I think.

My issues stem from using a Linux distro that basically no one in the Linux industry uses for actually running any kind of server. Since I use Slackware, I’m basically a black sheep in a crowd of other black sheep (That’s me in the corner…). So certbot or any of the other ACME clients out there are not tailored or even support the basic utilities of my OS, so getting anything even running is a miracle in and of itself.

But that is when I found a great write-up by Slackware guru AlienBob, https://alien.slackbook.org/blog/using-letsencrypt-to-secure-your-slackware-webserver-with-https/. It took most of my free hours the past two days to work through setting this all up and testing it with my config, but I’ve got it running at this point. It will be a few months before I see if all the cron jobs go off without a hitch and it renews everything for me, but this article was a complete lifesaver. I’m genuinely happy there are people out there writing this kind of content still. Most things I’ve had to go and dive into a hole and sink or swim with Slackware, and this is one time where I didn’t have to do that for a change, and I still walked away learning something.

So I’d just like to thank AlienBOB for the write-up and also https://dehydrated.io/ for writing a script without 17 dependencies that finally enabled me to setup and maintain working SSL certs on this server. And as usual I’ve learned it best to stay away from a “free” service and just go learn it yourself, it’s more rewarding and always pays off in the end!

gofundme campaign successful

I’m very happy to announce the gofundme I setup to raise funds for the site to remain online was very successful! As of this writing we have raised $250 (which is MORE than we even needed!) which will keep things squared up for the next two years!

I do greatly appreciate all of the support from donors and users alike. This is a wonderful community, and I’m proud to be involved in even the remotest way.

I’d like to thank all the donors thus far (in no particular order): Jarrod Johnson, James Llyod, Joseph Boyd, Stefan Stockinger, Zoe Blade and Laurent Raufaste. There is more donors, but they wish to remain private (according to the gofundme page at least), and I’d like to thank them as well!

I truly appreciate all the support and all of the well wishes everyone has sent. Thank you all for everything!

Updates

Today I updated WordPress. Two years later. And annoyingly enough, did it all manually since I’m OCD and I keep my server completely locked down like that. There is no FTP access as it’s insecure, and since I don’t use FTP, there’s no reason to enable an FTP server on my server. Ya dig?

I also changed the colors and theme today as well. Eventually this might even disappear completely and be replaced with either another install with a different focus, or I’ll duplicate it for that purpose and leave this one here.

Maybe I’ll actually write a blog someday…