Tag / certificate

  • February 23, 2016 - Tom Hacohen

    Running letsencrypt as an Unprivileged User

    Running letsencrypt as an unprivileged user (non-root) is surprisingly easy, and even more surprisingly undocumented. There is no mention in the official documentation, nor was I able to find anything online. There are alternative clients that were designed to be run as unprivileged, but they are not as beginner-friendly as the official one. Personally, I’ve switched to acme-tiny (and created an AUR package for it). Its much smaller and lets me have an even more secure setup. Why would you want to bother with this? One word: security. You should always strive to run every process with the lowest privileges possible because this reduces the chances of data loss as a result of a bug. More importantly, this reduces the chances of your server being compromised and thus improves overall security. Summary In this tutorial we will setup letsencrypt to run as an unprivileged user using the webroot plugin. This […]

    Read More
  • The usage of https has been so far somewhat restricted on open source projects, because of the cost of acquiring and maintaining certificates. As a result of this and the need to improve Internet security, several projects are working on providing free valid certificates. Among those projects, Let’s Encript launched a public beta last week on December, 3 2015. The Let’s Encrypt Approach Let’s Encrypt is a Linux Foundation Collaborative project that started to fulfill an Electronic Frontier Foundation – EFF long-term mission to Encrypt the Web. According with EFF, the “aim is to switch hypertext from insecure HTTP to secure HTTPS. That protection is essential in order to defend Internet users against surveillance of the content of their communications; cookie theft, account hijacking and other web security flaws; cookie and ad injection; and some forms of Internet censorship.”. With that goal in mind, the Let’s Encrypt project is providing […]

    Read More