Rundeck is open-source software that automates routine operational procedures in data center or cloud environments. This post describes how to configure SSL on Rundeck for secure transactions over the intranet and internet. It is a reference for configuring SSL for Rundeck running on Linux (CentOS/Debian).
Steps to generate a self-signed PKCS#12 SSL certificate and export its keys:
- Create a PKCS#12 keystore (.pfx file)
#keytool -genkeypair -keystore myKeystore.pfx -storetype PKCS12 -storepass password -alias KEYSTORE_ENTRY -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=Sustaining, O=Virtustream, L=McLean, ST=VA, C=US" -ext san=dns:servername.com,dns:localhost,ip:127.0.0.1,ip:xx.xx.xx.xx
Replace servername.com with the FQDN of the Rundeck server and xx.xx.xx.xx with the Rundeck server's IP address.
A few folks told me that when they try to access my website vinaybabu.in, they get a nasty message from browsers saying that it's unsafe to browse my website. That's because I was using a self-signed certificate to encrypt the internet traffic. I didn't want to go with CA vendors who charge more than the cost of my #raspberrypi.
After googling, I got to know about Let's Encrypt, which provides free trusted SSL certificates. I would like to thank the tech blog / link below from Tecmint for installing Let's Encrypt on my Pi. The only catch is that we need to renew the certificate within 90 days.
To automate renewal of the Let's Encrypt (certbot) certificate, we can use the script below, taken from https://www.upcloud.com/support/install-lets-encrypt-apache/
if ! /usr/local/letsencrypt/letsencrypt-auto certonly -tvv --keep --webroot -w <web root folder> -d vinaybabu.in > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo "Automated renewal failed:"
    cat /var/log/letsencrypt/renew.log
    exit 1
fi
Note: Replace <web root folder> with the actual path.
Save the above script in the /root folder. I've saved this script as auto_renew.sh.
Finally, create a new crontab entry as shown below to run the script every 80 days. The threshold to renew a Let's Encrypt (certbot) certificate is 30 days.
#crontab -e <run as root>
0 0 */80 * * /root/auto_renew.sh
To check the crontab entries, use the command below:
#crontab -l <run as root>
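An added example, not part of the original post: it replays the crontab entry above against the 90-day lifetime and 30-day threshold the post states, to show on which dates the job fires and how much validity is left when it renews. It assumes the common Vixie-style expansion in which `*/80` in the day-of-month field means 1-31 in steps of 80 (some cron implementations may instead reject a step that large); the function names and the 2024-01-01 issue date are constructed for illustration.

```python
from datetime import date, timedelta

CERT_LIFETIME_DAYS = 90    # certificate lifetime stated on the page
RENEW_THRESHOLD_DAYS = 30  # renewal threshold stated on the page


def expand_dom_field(field, low=1, high=31):
    """Expand a cron day-of-month field (lists, ranges, steps) into a set of days."""
    days = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        if step < 1 or not low <= start <= end <= high:
            raise ValueError(f"bad day-of-month field: {part!r}")
        days.update(range(start, end + 1, step))
    return days


def run_dates(field, first, horizon_days):
    """Dates in [first, first + horizon_days) on which '0 0 <field> * *' fires."""
    days = expand_dom_field(field)
    window = (first + timedelta(days=n) for n in range(horizon_days))
    return [d for d in window if d.day in days]


def renewals(field, issued, horizon_days=365):
    """Replay the job; return (run_date, days_left) for each run that renews.
    days_left < 0 means the certificate had already expired at that run.
    Simplification (assumption): issue and expiry happen at midnight."""
    expiry = issued + timedelta(days=CERT_LIFETIME_DAYS)
    out = []
    for run in run_dates(field, issued + timedelta(days=1), horizon_days):
        left = (expiry - run).days
        if left < RENEW_THRESHOLD_DAYS:  # inside the renewal window
            out.append((run, left))
            expiry = run + timedelta(days=CERT_LIFETIME_DAYS)
    return out


if __name__ == "__main__":
    issued = date(2024, 1, 1)  # constructed issue date
    for field in ("*/80", "*"):  # the page's entry vs. a daily run
        print(field, sorted(expand_dom_field(field))[:5], renewals(field, issued)[:2])
```

Under these assumptions the `*/80` entry fires only on the 1st of each month, and a certificate issued on 2024-01-01 is first renewed on 2024-04-01, one day after it expired. A daily run of the same script renews with 29 days of validity left.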
That's it! Folks can access my website from any type of device or browser without any issues. I've got a free trusted certificate and enabled secure and encrypted traffic while accessing my website.
Thanks much @letsencrypt and @tecmint.