How to install FREE Let’s Encrypt wildcard SSL?

by with No Comment SecuritySSLWebdoors.IN Blog

When we talk about SSL, we talk about security. And security has a price: a giant price. SSLs used to be a costly affair unless the Let’s Encrypt community showed up and massively disrupted the CA Industry.

Wildcard SSLs are extremely costly, even today. Companies used to charge heavy fees on their purchases and renewals. But after the advent of Let’s Encrypt, you are not required to pay anything! Yes, anything! Because its FREE! And it provides SSL Certification at domain level verification.

Let’s Encrypt SSLs are free for both the domain as well as the subdomains. You can get a free certificate for all your subdomains along with the main domain at once. This is indeed the concept of Wildcard SSL.

Wildcard SSL protects all your subdomains and the main domain using one single certificate. Here, we would be guiding you to make you learn how to get a wildcard SSL and install it on your server for free from Let’s Encrypt.

So let’s get started:

Step 1

Download stonemax/acme2 and install the composer:

https://github.com/stonemax/acme2

Preferably, git clone using SSH with the following commands:

git clone https://github.com/stonemax/acme2
cd acme2
composer install

Step 2

There is an update in Let’s Encrypt Library so kindly make a small change in src/services/NonceService.php (Line Number 87)

From [Old Code] 

if ($code != 204)
{
 throw new NonceException("Get new nonce failed, the url is: {$newNonceUrl}");
}

To [New Code] 

if ($code != 200)
{
 throw new NonceException("Get new nonce failed, the url is: {$newNonceUrl}");
}

Please note: Kindly ignore this step if the stonemax library already has the above new code.

Step 3

Rewrite the example.php file in home/<your_path>/stonemax/acme2/examples

<?php
/**
 * example php file
 * Updated by Akshay Srivastava, CEO, Webdoors.IN.
 * @author Zhang Jinlong <466028373@qq.com>
 * @link https://github.com/stonemax/acme2
 * @copyright Copyright © 2018 Zhang Jinlong
 * @license https://opensource.org/licenses/mit-license.php MIT License
 */

include('../vendor/autoload.php');

use stonemax\acme2\Client;
use stonemax\acme2\constants\CommonConstant;
$domainInfo = [
    CommonConstant::CHALLENGE_TYPE_HTTP => [
        'yourdomain.com'
    ],

    CommonConstant::CHALLENGE_TYPE_DNS => [
        '*.yourdomain.com',
        '*.www.yourdomain.com'
    ],
];

$client = new Client(['email@yourdomain.com'], '../data/', FALSE);

$algorithm = CommonConstant::KEY_PAIR_TYPE_RSA;                 // Generate RSA certificates, `CommonConstant::KEY_PAIR_TYPE_EC` for ECDSA certificates
$renew = FALSE;                                                 // Renew certificates


$order = $client->getOrder($domainInfo, $algorithm, $renew);    // Get an order service instance

//$order->getPendingChallengeList();                              // Get all authorization challenges for domains

$challengeList = $order->getPendingChallengeList();
foreach ($challengeList as $challenge)
{
    print_r($challenge->getType());          // Challenge type, http-01 or dns-01
    print_r($challenge->getCredential());    // Challenge detail, http-01 with file name and file content, dns-01 with dns record value
    $challenge->verify();           // Do verifying operation, this method will loop infinitely until verification passed
}

$CS_info = $order->getCertificateFile();
print_r($CS_info);

?>

Please note: yourdomain.com will be replaced with the domain you want an SSL Certificate for.

Step 4

Login to your SSH and execute example.php by the following command:

php example.php

Step 5

There will be two types of verification by Let’s Encrypt:

1) File verification:

You will receive the output like:

'http-01'
[
     'identifier' => 'yourdomain.com',
     'fileName' => 'RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y',
     'fileContent' => 'RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y.CNWZAGtAHIUpstBEckq9W_-0ZKxO-IbxF9Y8J_svbqo',
];

With the above verification info, Let’s Encrypt will access “http://yourdomain.com/.well-known/acme-challenge/HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y”, and the file content will be expected as “RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y.CNWZAGtAHIUpstBEckq9W_-0ZKxO-IbxF9Y8J_svbqo”.

Therefore you are required to create a file with
name HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y in
http://www.yourdomain.com/.well-known/acme-challenge/
and save it with fileContent value
RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y.CNWZAGtAHIUpstBEckq9W_-0ZKxO-IbxF9Y8J_svbqo

Please note: fileName and fileContent values will be different in your case.

And you are done with the http verification of yourdomain.com.

2) DNS Verification

You will receive the output like:

'dns-01'

[     
'identifier' => 'yourdomain.com',     
'dnsContent' => 'xQwerUEsL8UVc6tIahwIVY4e8N5MAf1xhyY20AELurk',
];

'dns-01'
[     
'identifier' => 'www.yourdomain.com',     
'dnsContent' => 'yWjxrAZsL8UVc6tIahwIVY4e8N5MAf1xhyY20AEDawn',
];

In this case you need to goto your Advanced DNS Settings. You need to add two TXT records like this:

Domain NameDNS record nameTypeTTLDNS record values

*.yourdomain.com
_acme-challenge.yourdomain.com		TXT60
xQwerUEsL8UVc6tIahwIVY4e8N5MAf1xhyY20AELurk
*.www.yourdomain.com
_acme-challenge.www.yourdomain.com		TXT60
yWjxrAZsL8UVc6tIahwIVY4e8N5MAf1xhyY20AEDawn

Please note: dnsContent or DNS Value will be different in your case. Above is just an example.
Also, these verifications will happen sequentially (one after the other). You will be needed to verify the first one first to get the verification value for the next one. It will only proceed to the second verification when the first verification will be successful. Here are three verifications in total:

  1. yourdomain.com (File Verification)
  2. *.yourdomain.com (DNS Verification)
  3. *.www.yourdomain.com (DNS Verification)

Any of the verificaion may pop-up first irrespective of their order in program.

Step 6

Once successfully done, you will receive your SSL Certificate in:
/home/<your_path>/stonemax/acme2/data/<your_account_id>/rsa

Copy the content of certificate-fullchained.crt and paste it in your SSL installer’s certificate text area.

Then, copy the content of private.pem and paste it in your SSL installer’s key text area.

Press Install! You’re done!

Please note: You may ask your hosting provider for help in case you don’t find the SSL installer in your hosting account’s dashboard or you are unable to install the SSL even after the successful SSL order.

5G is dangerous to human health! The Cancer Catalyst.

by with No Comment 5GSecurity

Radiation is a critical form of pollution which is readily available and already killing you slowly (up till now) in the form of mobile phones (cellular), Bluetooth and Wi-Fi radiation. But after the advent of ‘the new’ 5G network, as branded by some of the telecommunication companies, in your neighborhood, make yourself prepared for some anxiety attacks, insomnia, unwanted depression, headaches, chest pain, burning sensations, metallic taste in saliva, body tremors and heart palpitations. Please forgive me if I missed out something but this is unfortunately true.

There are various evidences which determines the irreversible effects of electro magnetic radiation on human body. Some people develop allergy to such radiations which result in the symptoms like nausea and depression along with some or all of the disastrous effects mentioned above (It depends how your body responds to Electro-magnetic radiation). We also would like to inform you that EHS (Electromagnetic Hypersensitivity) is a real deal. Keep in mind: we are primarily a website designing service and our business’s soul rely on networking. Still, I am writing this article because, according to our core business ethics, we believe in safety-first and nothing is more important than human life and its freedom to radiation when it comes to the forceful implementation of some technology which will affect you whether you use it or not.

So, What is 5G?

5G is a standard of cellular mobile communication succeeding 4G (LTE/WiMax), 3G (UMTS) and 2G (GSM) that operates on the frequencies ranging from 3.5 GHz to 28 GHz for obtaining the speed of 490 Mbps to 1.4 Gbps respectively.

So, What are the dangers of 5G?

5G runs on the high frequency of 28 GHz and thus to strengthen the 5G signal connectivity, it is highly necessary to install the 5G radio transmitters and receivers on every street. And yes, continuous and constant emittance of electro-magnetic waves with the wavelength of 28 GHz in front of your house is serious concern of upcoming health problems as this frequency and magnitude of radiation can easily diagnose you with cancer and some other serious (irreversible, in some cases) disorders like anxiety attacks, insomnia, unwanted depression, headaches, chest pain, burning sensations, metallic taste in saliva, body tremors, heart palpitations and much more.

Why are telecom companies excited for 5G?

Answer is simple, MONEY! Telecom companies are experimenting on humans. This is something we can best relate to as ‘The Biggest Experimentation on Humans in History’ after the X-Rays. Yes you heard it right! In USA, initially the X-Rays were used in the cosmetic industry to remove facial hairs. This disastrously resulted in mutation and the companies back then responsible for such surgeries were held guilty by law and went bankrupt. 5G is a similar case. Like the X-Ray case study, today the telecom companies, are blindly rolling out 5G and slapping it directly on public. There is no satisfactory study or test is done to determine this rollout safe for public. And unfortunately, the public: you and me, is their test subject now. 5G infrastructure once setup will give them exponential times higher profit due to its significantly faster data transfer speed and enormously broader variety of applications. But people living nearby their 5G transmitters will face the radiation undeniably and in some cases: undesirably.

What telecom companies should do?

This might hear like some policy-making statement but we all have our rights to demand these companies for fine to compensate, charged as per our wishes, for the unwanted radiation damage we are suffering from in case we are not using their services.

Here is a short video from YouTube, people in opposition against 5G.

Suggestion to Telecoms: Short alternate to 5G is optic fibers!

Our take on 5G

We personally think 5G or any technology must not be implemented unless proved safe and satisfactory to all the life forms even including animals. We don’t hate new technology. We in fact love it. But we should not introduce any technology for general use unless it is properly tested. Unwise decisioning and haste could result in disorders among our society. Mind you: Leadership is built on trust!