@andrewlkho
Last active Oct 8, 2021
Implementing HTTPS on NFSN (nearlyfreespeech.net) hosting using Let's Encrypt

These instructions are for implementing HTTPS on an NFSN-hosted static site using a certificate from Let's Encrypt. The certificate is generated manually on a separate computer.

Start off by installing the letsencrypt client. This requires sudo privileges and will install a bunch of packages:

% curl -O https://dl.eff.org/certbot-auto
% chmod +x ./certbot-auto
% ./certbot-auto

Generate the certificate. This will require you to publish some challenge responses on NFSN. I find it easiest to use tmux with letsencrypt running in one window and an SSH session to NFSN in another:

% sudo ./certbot-auto certonly \
> --email me@domain.com \
> --rsa-key-size 4096 \
> --authenticator manual \
> --domain domain.com \
> --domain www.domain.com

Then send the PEM files to your NFSN server and use the nfsn command to parse them (see note 1):

% sudo cat /etc/letsencrypt/live/domain.com/{cert,chain,privkey}.pem |
> ssh ssh.phx.nearlyfreespeech.net nfsn -i set-tls

Note that your NFSN ssh server may be different from mine, and can be found on your "Site Information" page in the control panel. Once that's been done, everything should automatically be redirected to the HTTPS version of the site. It may be helpful to use scheme-relative URLs if you have a mixture of HTTP/HTTPS external content. Don't forget to put a reminder in your todo list to renew the certificate; currently, Let's Encrypt certificates have a 90-day lifetime.


1 Previously, I have been uploading the PEM files to /home/protected/ssl (these can be deleted once everything is done) and then submitting a free assistance request on NFSN with the short name of the site and a brief message e.g. "Please parse the TLS for my site example". However, NFSN provide a way of doing this without troubling their support, using the nfsn command installed on their servers.
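
A pre-upload and renewal check for the steps above, as an added example that is not part of the original gist: it confirms that privkey.pem belongs to cert.pem before the files are piped to nfsn, and reports when the certificate is close to its 90-day expiry. The function names and the 30-day threshold are assumptions chosen here, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example, not from the original gist.
# Usage (assumed invocation; root is needed to read the private key):
#   sudo sh check-tls.sh /etc/letsencrypt/live/domain.com/cert.pem \
#                        /etc/letsencrypt/live/domain.com/privkey.pem

RENEW_DAYS=30   # assumption: renew when fewer than 30 days remain

# key_matches_cert CERT KEY
# Returns 0 when the public key inside CERT equals the public key
# derived from the private key KEY, 1 on mismatch or unreadable input.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_needs_renewal CERT [DAYS]
# Returns 0 when CERT expires within DAYS days (or cannot be read),
# 1 when it remains valid for longer than that.
cert_needs_renewal() {
    days=${2:-$RENEW_DAYS}
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null 2>&1
    then
        return 1
    fi
    return 0
}

# Run the checks only when called with CERT and KEY arguments.
if [ "$#" -eq 2 ]; then
    if ! key_matches_cert "$1" "$2"; then
        echo "ERROR: $2 is not the private key for $1; do not upload" >&2
        exit 2
    fi
    if cert_needs_renewal "$1"; then
        echo "RENEW: $1 expires within $RENEW_DAYS days"
        exit 1
    fi
    echo "OK: key matches and $1 is valid for more than $RENEW_DAYS days"
fi
```

Run from cron or a calendar reminder, the non-zero exit status on "RENEW" can drive a notification.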


@rafalio rafalio commented Jul 10, 2016

Instead of submitting the assistance request you can also just run
cat privkey.pem cert.pem chain.pem | nfsn -i set-tls

Otherwise, thanks for the tutorial, worked great!


@jhofker jhofker commented Aug 10, 2016

They also have a web-based tool if you'd prefer to use that per-site: https://members.nearlyfreespeech.net/{username}/sites/{sitename}/add_tls (or just look in the right-hand sidebar on your site page in NFSN)

Owner Author

@andrewlkho andrewlkho commented Sep 10, 2016

@rafalio Thank you, I wasn't aware of that command and so have updated the gist accordingly.


@rebolyte rebolyte commented Jun 29, 2017

As of January 2017, they are testing out a shell script to automatically set things up.

From your SSH prompt:

tls-setup.sh

Worked for me!

see post on the member forum


@bSampson0 bSampson0 commented Sep 3, 2018

Thank you rebolyte!


@cyruslk cyruslk commented Nov 29, 2019

Hey! Thanks for this code snippet! Do you know if I can run this as an adjunct member?

Owner Author

@andrewlkho andrewlkho commented Dec 12, 2019

> Hey! Thanks for this code snippet! Do you know if I can run this as an adjunct member?

@cyruslk I'm afraid I no longer use NFSN and have never had an adjunct membership so can't tell you. I suspect that if you can SSH in and run nfsn then it will work, but can't try to confirm.


@BradyDale BradyDale commented Jun 27, 2020

> They also have a web-based tool if you'd prefer to use that per-site: https://members.nearlyfreespeech.net/{username}/sites/{sitename}/add_tls (or just look in the right-hand sidebar on your site page in NFSN)

I can't make sense of this. Where is there a place on the site where I can navigate to the web tool?


@BradyDale BradyDale commented Jun 27, 2020

> As of January 2017, they are testing out a shell script to automatically set things up.
>
> From your SSH prompt:
>
> tls-setup.sh
>
> Worked for me!
>
> see post on the member forum

I could not make heads or tails of the instructions above, but this did seem to work for me as well. I don't know why they don't just plainly state that this exists in their FAQ.
