Hello Folks,  Today i am going to teach you how to install a ssl certificate via filezilla server.Before we start the tutorial i wan to share my previous thread link about the installation of a SSL Certificate.

Here is link of my previous thread about the Installation : How to install a SSL Certificate via Cpanel

Before we start the tutorial i want to mention some things we require in the installation of SSL/TLS via FTP.

We require a Certificate and a Private Key.We also require a FTP software.I mostly use FileZilla.

You need to download your SSL Certificate and Create a CSR for ftp client.So lets start.We need a software to create Certificate files for the installation.I use OpenSSL.So lets Start.

Creating a CSR for FileZilla

1st: Use terminal to login to your filezilla server.

2nd: Use the following command " openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr " Make sure to replace server with your server,

3rd: When you use this command it will start creating two files a CSR file and a private key file.

4th: After this it will ask you to enter the domain name.You have to enter the full domain name.

5th: After completing the process.Open the created files with a Text editor and paste the SSL Details

Certificate = your_domain.pem

Enter the Private Key in the files your_domain.key

How to turn off the PWR and ACT LEDs on the Raspberry Pi SBC
PWR = Power & ACT = Activity

Hello and welcome to the world of SBCs*

This guide is meant to make your life easier and more comfortable while working with the Raspberry Pi SBC. It is a very brief and very easy to follow tutorial.

Since the first generation of the Raspberry Pi the stunning SBC has had a few LEDs that are working as indicators for a few important things (<- this is a link) such as power (power is connected and proper delivery is in place), activity (SD card write/read, CPU load, etc) and network activity. The network activity LEDs (link and activity) used to be a dedicated LEDs on the first generations of the board. Nowadays however the network activity LEDs are in the normal Ethernet network jack (<- this is a link) like on normal computers.

I have a few generations of the Raspberry Pi (B/B+/3 B/3 B+) and I generally use them for projects and other stuff in my room because I have no other room or dedicated place to host them. Projects that involve 24x7 operation mean that I'm always exposed to the light of the LEDs. The PWR LED is very bright and when activity is going on you constantly see a green light flashing. This is really annoying especially during the night. So I've been looking for a way to turn off the PWR and ACT LEDs somehow to reduce the amount of light caused by the Raspberry Pi so I can fall asleep normally.

I found a way to reduce the light caused by these two LEDs to zero/null. The LEDs are actually registered within the OS as devices and therefore can be controlled by editing the corresponding configuration files. Both LEDs have identifiers which are LED0 (ACT) and LED1 (PWR) and these are located in /sys/class/leds. Every LED has different configurations files and one of them is brightness located in /sys/class/leds/led<0/1>/brightness. It can contain a value between 0 and 255. The value 0 means no brightness (turned off) and 1 - 255 is simply for turned on (I didn't notice any brightness change when setting it to 1 and 255).


So to turn of these LEDs all you have to do is run the two commands below as root (sudo will NOT WORK!):

There is a little issue though and it is: once you reboot the values of these LEDs will be reset back to what they were before because the LEDs are reinitialized at startup or reboot. There is an easy fix for that though.

Open /etc/rc.local with a text editor like nano as root:

Add these lines at the end of the file but before exit 0:

Save the file with CTRL + V and ENTER. Close the text editor with CTRL + X.

Now whenever your start the Raspberry Pi or reboot it the LEDs will be turned off as soon as the OS starts booting.

That's it. This way it's much better. The network activity LEDs aren't so bright and therefore not even so annoying (imho).


* Single Board Computers

Getting Let's Encrypt Wildcard Certificates
A guide to obtaining free wildcard *.yourdomain.ext certificates from Let's Encrypt on any Linux OS

Hello!

A dream has come true. Let's Encrypt is the first real CA* (certificate authority) to provide absolutely free of charge wildcard domain validated certificates for your domains. This March with a delay of two months the Let's Encrypt team has finally published their new ACMEv2 API with a lot of improvements and enabled requests for wildcard certificates. Now, this is all still fairly new. Issues are to be expected.

What is this guide about? Well, simple: this is about getting yourself a wildcard certificate for your domain on any Linux OS. Since this is all still new most OSs don't even meet the minimum requirements to make use of the new features that ACMEv2 offers. This means you won't get a wildcard certificate if you follow the official documentation on certbot.eff.org or use the Certbot client from your OSs repos**. What you need is the latest client (at least the version number 0.22 or above) to make use of ACMEv2 and request wildcard certificates. So this is what this guide will help you with.

If you are interested in grabbing one of those neat wildcard certificates for your domains just continue reading. I'll try to make the guide as easy as possible and brief. Therefore I will include links for certain steps to other sites that explain certain parts better. If you have any questions feel free to post them down below.

Make sure you have full DNS access to your domains as you will be required to create TXT DNS records for domain ownership validation for the certificates!


* CloudFlare basically provides free wildcard certificates but a) they get them from Comodo, b) CloudFlare is a MITM (this is a security NO GO) so you shouldn't use it when you need TLS encryption and c) CloudFlare certificates are shared among many other domains (including bad domains). So I don't count them as a real CA (they simply aren't even though their sponsor Comodo is a CA) that would provide free wildcard certificates.

** According to the information at the Certbot documentation site at EFF CentOS/RHEL 7 is so far the only OS that has got the new Certbot client already in its repos. Debian for example only has 0.22.0 in their unstable repo for the upcoming Debian 10! Ubuntu doesn't seem to have it at all even in the latest version.

The Let's Encrypt team offers a script to install the latest available stable version of Cerbot-auto on pretty much any Linux OS. This script is what we're going to use to grab the latest version of the Certbot-auto client and install it on your server.

Certbot-auto is one of many Let's Encrypt clients. It has a huge advantage over some clients. As mentioned before it will install the latest version and all necessary other packages automatically. It also comes with all features but that said, some people might not really like the full feature client due to its size and the huge feature set of which the most will only use a small part.

1. Login into your server as root as you will be needing administrative permissions.
   
   
2. Update your OS to the latest state to prevent issues with dependencies and software versions.*
   
   
3. Download the certbot-auto script to your server with the command below.
   
   Code:

   wget https://dl.eff.org/certbot-auto
   (If you have trouble and get an error regarding the TLS certificate make sure you have installed the ca certificate bundle package.)**
   
   
4. Set execution permission for the script so it can be executed with the command below.
   
   Code:

   chmod a+x certbot-auto
   
   
5. Run the certbot-auto script to install the latest version with the command below.
   
   Code:

   ./certbot-auto

This step will take some time depending on the performance of your server and the speed of your servers network. The latest version will be installed and all necessary additional packages. At the end of the installation, the script might throw an error regarding not being able to install a Apache 2 related addon. This usually happens when you don't use the Apache 2 web server. You can simply ignore this error.

If you get any other error feel free to post it here. I or the community might be able to help. You are also very welcome to join the Let's Encrypt community and ask there. They have the developer team onboard and so you will get direct support from the creators.

Don't delete the cerbot-auto file! This is what you will need or better said this is the file you will have to run when you want to request certificates, modify certificates, renew them and etc. This is the main executable of certbot-auto because the certbot-auto client is a wrapped and self-updating script.


* Here is how you can update your OS to the latest state on the most common Linux OSs.

Quote:Debian/Ubuntu:
apt-get update && apt-get upgrade -y

RHEL/CentOS/Fedora:
yum update -y

Arch Linux:
pacman -Syu

The Ubuntu/Debian command can be used on all Linux OSs that are based on either Debian or Ubuntu. The same applies to the RHEL/CentOS/Fedora command.

For other Linux OSs please use Google to find instructions. The above listed OSs are the most common and the one I have used/had experience from before. I cannot cover everything.

** Here is how you can install the ca certificates bundle on the most common Linux OSs.

Quote:Ubuntu/Debian:
apt-get install ca-certificates

RHEL/CentOS/Fedora:
yum install ca-certificates

Arch Linux:
pacman -S ca-certificates ca-certificates-mozilla ca-certificates-utils

The Ubuntu/Debian command can be used on all Linux OSs that are based on either Debian or Ubuntu. The same applies to the RHEL/CentOS/Fedora command.

For other Linux OSs please use Google to find instructions. The above listed OSs are the most common and the one I have used/had experience from before. I cannot cover everything.

Once chapter 2 of this guide has been completed and the latest version of the certbot-auto client has been installed you can start with requesting your wildcard certificate from Let's Encrypt over the new ACMEv2 API with the new TXT DNS record domain ownership validation.

1. Run the command below to request the wildcard certificate for your domain that covers all subdomains.
   
   Code:

   ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.yourdomain.ext -d yourdomain.ext
   (Replace *.yourdomain.ext/yourdomain.ext with your actual domain name.)
   
   It is necessary to include the main domain yourdomain.ext to cover it because the domain *.yourdomain.ext will only cover all subdomains of your main domain like subdomain1.yourdomain.ext, subdomain2.yourdomain.ext and so on. A bit weird but unfortunately *.yourdomain.ext doesn't cover the main domain. That's just how it is. So don't forget to include the main domain when requesting wildcard certificates anywhere.
   
   The wildcard domain *.yourdomain.ext in the certificate will not cover subdomains of subdomains like subdomain1.subdomain1.yourdomain.ext! To achieve this you will have to include additional domains to the command above like below.
   
   Code:

   [...] -d *.subdomain1.yourdomain.ext
   
   
2. The script will ask you to confirm and accept a few agreements and some information. So please do confirm and/or accept if asked to do so to continue.
   
   
3. You will now be asked to create TXT DNS records for your domains like in the following example output.
   

   Quote:-------------------------------------------------------------------------------
   Please deploy a DNS TXT record under the name
   _acme-challenge.yourdomain.ext with the following value:
   
   5GFgEqWd7AQrvHteRtfT5V-XXXXXXXXXXXXXX
   
   Before continuing, verify the record is deployed.
   -------------------------------------------------------------------------------
   Press Enter to Continue
   
   -------------------------------------------------------------------------------
   Please deploy a DNS TXT record under the name
   _acme-challenge.yourdomain.ext with the following value:
   
   5ACgSpWd7AQrvHvkRsl9A-XXXXXXXXXXXXXX
   
   Before continuing, verify the record is deployed.
   -------------------------------------------------------------------------------
   Press Enter to Continue

   
   Go to your domain DNS control panel and create both TXT DNS records with the name as shown in the output of certbot-auto and the value as shown there. Before hitting ENTER to continue, wait a little bit and give the DNS propagation a bit of time. You can use https://www.whatsmydns.net/ to check how well the TXT DNS records have updated all over the world already.
   
   
4. When everything is in order hit the ENTER button on your keyboard and certbot-auto will start to verify the ownership of your domains by looking for the created TXT DNS records and compare them. If everything is good you will see the message below.
   

   Quote:IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yourdomain.ext/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yourdomain.ext/privkey.pem
   Your cert will expire on 2018-06-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
   - If you like Certbot, please consider supporting our work by:
   
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Congratulations! You have received your wildcard certificate from Let's Encrypt for your main domains and all subdomains of your main domains. If you also requested one for subdomains of subdomains it will also cover that. So far so good.

As mentioned in the final output the certificate files and the private key are stored in the following location:

In general, you will need the three files from the list below when installing the requested certificate in your websites vHosts for your web server.

1. fullchain.pem (CA cert - intermediate certs - your certificate)
   
2. privkey.pem (private key file for your certificate)
   
3. chain.pem (CA cert - intermediate certs)
   

So that's it. It looks like a lot, right? In fact, it's not that much. Just a few commands for the certbot-auto client installation and finally the request to get the certificate. And you have your wildcard certificate from Let's Encrypt free of charge if everything went well.

All you have to do now is to install the certificate in the vHosts of your websites on your web server. I will not cover this. There are good guides available at through Google for your web server. I personally use Nginx and generate the vHost files from zero by myself along with the Mozilla SSL Configuration Creator.

If you have already operated a web server you will probably already know how to install TLS certificates or know where to get the right guides for your web server. So I see no point it covering something that has a lot of documentation available already and that everyone might do differently. Apart from that I really only use Nginx so I wouldn't be able to cover Apache, IIS or another web server. Sorry about that.


Enjoy your free Let's Encrypt wildcard certificates.