Tuesday, March 19, 2024

Back to the basics: Securing Web Deployments with Load Balancer, Let's Encrypt and CloudFlare

A few months ago I started a website to publish my experiments and test my coding skills. I posted about it before here. For the very same website I needed to renew my Let's Encrypt certificates. While doing so, I went down a side track that turned out to be a dead end, so I decided to write it up as a reminder for myself and for anyone else who might find it useful.

I am publishing this under basics because it is a recurring process and an important part of the deployment. Later on I will post about how to automate the process. For now this follows certbot's manual process with a DNS challenge.

1. I am going to use the DNS challenge method. My zone is served by CloudFlare DNS, so I will use the certbot-dns-cloudflare plugin. For this I need an API key that allows certbot to edit my DNS zone. Here are the steps for that:

2. Once the key is generated, you can test it with curl. You will get a JSON response similar to this one.

3. Put the token into the cloudflare.ini file.

4. Run the Certbot container. The command below mounts your local folders inside the container, so that your cloudflare.ini file is accessible and the generated certificate is saved on the host.

5. Follow the on-screen prompts.

6. Find your certificates under the /etc/letsencrypt/live/codeharmony.net/ folder.

7. Add your certificates to your load balancer or certificate service, or wherever you manage your certificates.

8. Edit your HTTPS listener to use the new certificate, on either the load balancer or your HTTP server.

9. Inspect the certificate using openssl.
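Steps 3, 6 and 9 above produce a token file and a certificate that are worth checking before you touch the listener: the cloudflare.ini token can rewrite the whole DNS zone, so it should be readable only by its owner, and the new certificate should cover every hostname the listener serves and not be close to expiry. The script below is an added example, not code from the original post; it assumes the token-style `dns_cloudflare_api_token` entry in cloudflare.ini, constructs a self-signed 90-day certificate for codeharmony.net so that it runs offline, and uses `openssl x509 -checkend` instead of date parsing so it works on both GNU and BSD systems.

```shell
#!/bin/sh
# Added example (not from the original post): post-renewal sanity checks for
# the files this procedure produces. Paths and hostnames are assumptions;
# the certificate is self-signed and constructed here so it runs offline.
set -eu

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# cloudflare.ini holds an API token that can rewrite the DNS zone, so it
# must not be readable by group or others. Returns 0 only for mode 600.
ini_is_private() { [ "$(file_mode "$1")" = "600" ]; }

# Returns 0 when the certificate is still valid for at least N more days
# (-checkend takes seconds, so no locale- or OS-specific date parsing).
cert_valid_for_days() { openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )); }

# Returns 0 when the hostname appears as a DNS entry in the certificate's
# Subject Alternative Name extension (exact match, not a substring).
cert_covers_host() {
  openssl x509 -in "$1" -noout -text | grep -qE "DNS:$2(,|\$)"
}

# Build a constructed sample: a 90-day self-signed cert and a token file,
# mirroring the /etc/letsencrypt/live/<domain>/ layout from step 6.
make_sample() {
  dir=$(mktemp -d)
  mkdir -p "$dir/live/codeharmony.net"
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -keyout "$dir/live/codeharmony.net/privkey.pem" \
    -out "$dir/live/codeharmony.net/fullchain.pem" \
    -subj "/CN=codeharmony.net" \
    -addext "subjectAltName=DNS:codeharmony.net,DNS:www.codeharmony.net" 2>/dev/null
  # PLACEHOLDER_TOKEN stands in for a real Cloudflare API token.
  printf 'dns_cloudflare_api_token = PLACEHOLDER_TOKEN\n' > "$dir/cloudflare.ini"
  chmod 600 "$dir/cloudflare.ini"
  echo "$dir"
}

SAMPLE=$(make_sample)
CERT="$SAMPLE/live/codeharmony.net/fullchain.pem"
ini_is_private "$SAMPLE/cloudflare.ini" && echo "cloudflare.ini permissions ok"
cert_valid_for_days "$CERT" 30 && echo "certificate valid for 30+ days"
cert_covers_host "$CERT" "www.codeharmony.net" && echo "SAN covers www.codeharmony.net"
```

On a real deployment, point CERT at the fullchain.pem from step 6 and drop the make_sample call; the same three checks apply unchanged.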



References:
1. Certbot User Guide (I followed the manual process).
