What is this
Let's Encrypt is a certificate authority that provides free domain-validated TLS certificates via an automated process. For various reasons, Let's Encrypt does not issue certificates with lifetimes longer than 3 months. NearlyFreeSpeech.NET is a popular webhost that I happen to use. This project is a fork of lets-nfsn.sh, which provides easy-setup, fully automated Let's Encrypt TLS certificate renewal on NFSN.
It used to be that the NFSN cron could not call nfsn -i set-tls to upload the new certificates. This project provided a workaround enabling cron to log in via ssh to perform the certificate upload (possibly introducing extra security risks). The NFSN cron limitation has recently been fixed (and the workaround in this repository has been removed), so the main reason I'm keeping this project up is that lets-nfsn.sh auto-updates itself and the dehydrated submodule without signature checking, and I like to have control.
Upgrade security notice
If you were using an older version of this project, you are strongly encouraged to delete (filename "id_ssh_cron_ed25519") and disable (via NFSN web interface, profile, scroll down to "SSH Keys") the ssh key you added for cron purposes, as it may provide an opportunity for attack. You will also need to edit the cron task settings (via the NFSN web interface, on your site, "Manage Scheduled Tasks") so that it runs on the ssh server and not the web server.
How can I use this to my advantage
- Configure SSH and use it to log into NFSN.
- Run:
    cd /home/private; mkdir lets_nfsn; cd lets_nfsn
    fossil clone https://hydra.ecd.space/f/simple_lets_nfsn/ lets_nfsn.fossil
    fossil open lets_nfsn.fossil release
- Run ./nfsn-init.sh and just follow the on-screen instructions.