Site updated at 2016-08-22 08:21:42 UTC

2016-08-22 08:21:43 +00:00 · 2016-08-22 08:21:43 +00:00 · 4acb07bf8e
commit 4acb07bf8e
parent f9d65cbe57
559 changed files with 18878 additions and 21688 deletions
--- a/blog/2015/12/13/setup-encryption-using-lets-encrypt/index.html
+++ b/blog/2015/12/13/setup-encryption-using-lets-encrypt/index.html
@ -87,13 +87,13 @@
  <div class="meta clearfix">
    <time datetime="2015-12-13T18:05:00+00:00" pubdate data-updated="true"><i class="icon-calendar"></i> December 13, 2015</time>
    <span class="byline author vcard"><i class='icon-user'></i> Paulus Schoutsen & Martin Hjelmare</span>
-    <span><i class='icon-time'></i> four minutes reading time</span>
+    <span><i class='icon-time'></i> five minutes reading time</span>
    <span>
    <i class="icon-tags"></i>
    <ul class="tags unstyled">
    
      
-        <li><a class='category' href='/blog/categories/how-to/'>How-To</a></li>
+        <li>How-To</li>
      
    
    </ul>
@ -148,61 +148,53 @@

 <p>Let’s Encrypt will give you a free 90-day certificate if you pass their domain validation challenge. Domains are validated by having certain data be accessible on your domain for Let’s Encrypt (<a href="https://letsencrypt.org/how-it-works/">they describe it better themselves</a>).</p>

-<p>Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to forward external port <code>80</code> to internal port <code>80</code> (http connections). This can be set up by accessing your router admin interface (<a href="http://portforward.com">Site with port forwarding instructions per router</a>). This port forward must be active whenever you want to request a new certificate from Let’s Encrypt, typically every three months. If you normally don’t use or have an app that listens to port <code>80</code>, it should be safe to leave the port open. This will make renewing certificates easier.</p>
+<p>Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to forward external port <code class="highlighter-rouge">80</code> to internal port <code class="highlighter-rouge">80</code> (http connections). This can be set up by accessing your router admin interface (<a href="http://portforward.com">Site with port forwarding instructions per router</a>). This port forward must be active whenever you want to request a new certificate from Let’s Encrypt, typically every three months. If you normally don’t use or have an app that listens to port <code class="highlighter-rouge">80</code>, it should be safe to leave the port open. This will make renewing certificates easier.</p>

 <p>Now you’re ready to install and run the client that requests certificates from Let’s Encrypt. The following example will use the platform independent script to install and run the <a href="https://certbot.eff.org/">certbot</a> client from Let’s Encrypt. If there is a certbot package for your OS, it’s recommended to install the package instead of the platform independent script. Read the <a href="https://certbot.eff.org/">docs</a> for more information. There are also other clients that might offer more customization and options. See the <a href="https://letsencrypt.org/docs/client-options/">client options page</a> at Let’s Encrypt.</p>

-<div class="highlighter-coderay"><div class="CodeRay">
-  <div class="code"><pre>$ mkdir certbot
-$ cd certbot/
-$ wget https://dl.eff.org/certbot-auto
-$ chmod a+x certbot-auto
-$ ./certbot-auto certonly --standalone \
-                          --standalone-supported-challenges http-01 \
-                          --email your@email.address \
+<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>mkdir certbot
+<span class="gp">$ </span><span class="nb">cd </span>certbot/
+<span class="gp">$ </span>wget https://dl.eff.org/certbot-auto
+<span class="gp">$ </span>chmod a+x certbot-auto
+<span class="gp">$ </span>./certbot-auto certonly --standalone <span class="se">\</span>
+                          --standalone-supported-challenges http-01 <span class="se">\</span>
+                          --email your@email.address <span class="se">\</span>
                          -d hass-example.duckdns.org
-</pre></div>
-</div>
+</code></pre>
 </div>

 <p>If you’re using Docker, run the following command to generate the required keys:</p>

-<div class="highlighter-coderay"><div class="CodeRay">
-  <div class="code"><pre>sudo mkdir /etc/letsencrypt /var/lib/letsencrypt
-sudo docker run -it --rm -p 80:80 --name certbot \
-                -v &quot;/etc/letsencrypt:/etc/letsencrypt&quot; \
-                -v &quot;/var/lib/letsencrypt:/var/lib/letsencrypt&quot; \
-                quay.io/letsencrypt/letsencrypt:latest certonly \
-                --standalone --standalone-supported-challenges http-01 \
+<div class="language-bash highlighter-rouge"><pre class="highlight"><code>sudo mkdir /etc/letsencrypt /var/lib/letsencrypt
+sudo docker run -it --rm -p 80:80 --name certbot <span class="se">\</span>
+                -v <span class="s2">"/etc/letsencrypt:/etc/letsencrypt"</span> <span class="se">\</span>
+                -v <span class="s2">"/var/lib/letsencrypt:/var/lib/letsencrypt"</span> <span class="se">\</span>
+                quay.io/letsencrypt/letsencrypt:latest certonly <span class="se">\</span>
+                --standalone --standalone-supported-challenges http-01 <span class="se">\</span>
                --email your@email.address -d hass-example.duckdns.org
-</pre></div>
-</div>
+</code></pre>
 </div>

-<p>With either method your certificate will be generated and put in the directory <code>/etc/letsencrypt/live/hass-example.duckdns.org</code>. As the lifetime is only 90 days, you will have to repeat this every 90 days. There’s a special command to simplify renewing certificates:</p>
+<p>With either method your certificate will be generated and put in the directory <code class="highlighter-rouge">/etc/letsencrypt/live/hass-example.duckdns.org</code>. As the lifetime is only 90 days, you will have to repeat this every 90 days. There’s a special command to simplify renewing certificates:</p>

-<div class="highlighter-coderay"><div class="CodeRay">
-  <div class="code"><pre>./certbot-auto renew --quiet --no-self-upgrade --standalone \
+<div class="language-bash highlighter-rouge"><pre class="highlight"><code>./certbot-auto renew --quiet --no-self-upgrade --standalone <span class="se">\</span>
                     --standalone-supported-challenges http-01
-</pre></div>
-</div>
+</code></pre>
 </div>

 <p><img width="60" src="/images/favicon-192x192.png" style="float: right; border:none; box-shadow: none;" /></p>

 <h3><a class="title-link" name="home-assistant" href="#home-assistant"></a> Home Assistant</h3>

-<p>Before updating the Home Assistant configuration, we have to forward port <code>443</code> (https connections) to port <code>8123</code> on the computer that will run Home Assistant. Do this in your router configuration as previously done for port <code>80</code>.</p>
+<p>Before updating the Home Assistant configuration, we have to forward port <code class="highlighter-rouge">443</code> (https connections) to port <code class="highlighter-rouge">8123</code> on the computer that will run Home Assistant. Do this in your router configuration as previously done for port <code class="highlighter-rouge">80</code>.</p>

 <p>The final step is to point Home Assistant at the generated certificates. Before you do this, make sure that the user running Home Assistant has read access to the folder that holds the certificates.</p>

-<div class="highlighter-coderay"><div class="CodeRay">
-  <div class="code"><pre><span class="key">http</span>:
-  <span class="key">api_password</span>: <span class="string"><span class="content">YOUR_SECRET_PASSWORD</span></span>
-  <span class="key">ssl_certificate</span>: <span class="string"><span class="content">/etc/letsencrypt/live/hass-example.duckdns.org/fullchain.pem</span></span>
-  <span class="key">ssl_key</span>: <span class="string"><span class="content">/etc/letsencrypt/live/hass-example.duckdns.org/privkey.pem</span></span>
-</pre></div>
-</div>
+<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http</span><span class="pi">:</span>
+  <span class="s">api_password</span><span class="pi">:</span> <span class="s">YOUR_SECRET_PASSWORD</span>
+  <span class="s">ssl_certificate</span><span class="pi">:</span> <span class="s">/etc/letsencrypt/live/hass-example.duckdns.org/fullchain.pem</span>
+  <span class="s">ssl_key</span><span class="pi">:</span> <span class="s">/etc/letsencrypt/live/hass-example.duckdns.org/privkey.pem</span>
+</code></pre>
 </div>

 <p>You can now navigate to https://hass-example.duckdns.org and enjoy encryption!</p>
@ -281,7 +273,7 @@ sudo docker run -it --rm -p 80:80 --name certbot \
    
      
        <li class="post">
-          <a href="/blog/2016/08/13/foursquare-fast-com-ffmpeg-gpsd/">0.26: Foursquare, Fast.com, FFMPEG and GPSD</a>
+          <a href="/blog/2016/08/13/foursquare-fast.com-ffmpeg-gpsd/">0.26: Foursquare, Fast.com, FFMPEG and GPSD</a>
        </li>