Setup SSL on a Raspberry Pi in 2 minutes

UPDATE: Lets Encypt have an auto install bot and it’s a signed certificate, meaning no warning! https://letsencrypt.org/

 

Granted this is a self signed certificate and not one from an issuing authority, but for most domestic uses it’s fine.

Make a directory called ssl

Code: Select all

sudo mkdir /etc/apache2/ssl

Create the certificate

Code: Select all

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

for the domain name I used my ddns.net domain, and that’s fine, but it has to be a domain name and not an IP.

Here’s my ouput

Generating a 2048 bit RSA private key
………………………+++
………………………………………………………………+++
writing new private key to ‘/etc/apache2/ssl/server1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Yorkshire!
Locality Name (eg, city) []:Home
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dazbobaby inc.
Organizational Unit Name (eg, section) []:Admin
Common Name (e.g. server FQDN or YOUR name) []:mydomain.ddns.net
Email Address []:admin@mydomain.ddns.net

Install the SSL mod for Apache2

Code: Select all

sudo a2enmod ssl

Restart Apache:

Code: Select all

sudo service apache2 restart

Create a file and symbolic link to the sites-enabled and sites-default folders

Code: Select all

sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Edit the file.

Code: Select all

sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf

Insert these two lines before </VirtualHost>

Code: Select all

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Now browse to your site with HTTPS:// and accept the new security certificate

Source: https://hallard.me/enable-ssl-for-apach … 5-minutes/

Setup redirection from port 80 (insecure) to 443
Edit /etc/apache2/sites-enabled.conf
Add this:

Code: Select all

<VirtualHost *:80>
   ServerName http://mydomain.ddns.net
   Redirect permanent / https://mydomain.ddns.net/
</VirtualHost>

Restart apache