Let's Encrypt
  • Hi all,

    Does anyone have any experience with Let's Encrypt (https://letsencrypt.org) and SecuritySpy? I'm about to install SS for family with 3 webcams. I'm setting up an old iMac to run SS. The DSL connection has a fixed WAN IP, so I thought I'd do the following:

    1. Create an A record for securityspy.[example.com]
    2. Forward 8001 to the iMac on their WAN device (with the iMac's FQDN set to securityspy.[example.com])
    3. Install certbot (https://certbot.eff.org) on the iMac, and create an SSL cert via Let's Encrypt, using the 'certonly' function of certbot
    4. Set up a cron job so that certbot renews the cert regularly

    Has anyone done this, succeeded, failed, integrated it, etc.? Does the SS web server have anything that could assist? Does the SS dynamic DNS option do anything like this already? I'd like a 'set and forget' option without having to pay for a new cert every year.

    Thanks in advance for any pointers!

  • Hi James,

    We have looked at Let's Encrypt before and it looks like a great project. This isn't directly integrated into SecuritySpy (though it may be in the future), so it would be a bit tricky to set this up using cron and scripts.

    After setting this up initially and providing SecuritySpy with the key, certificate, and any intermediate certificates, you would have to get the cron job to regularly run a script to generate a new certificate, then convert it into the correct format (PEM or binary DER), copy it to the SecuritySpy folder (which is in the user's Home folder), then restart SecuritySpy.

    It may simply be easier to purchase an official certificate (e.g. from Namecheap for multiple years, so it's all set up and running and you don't have to worry about it for a while.

    Or, simply use SecuritySpy's self-signed certificate, which it generates for you automatically. Ideally this should be used in conjunction with SecuritySpy's DDNS function, so that the certificate contains the correct domain name to minimise warnings from web browsers.
  • Apologies - I've only just revisited this and seen a reply. I don't think I got a notification for it.

    Fair enough, thanks - I'll look at that.

    Edit: Discussion comment notification emails seem to be disabled by default, for some reason - I've enabled them.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!