Protecting the Server

Mon. 16 February 2026

The server we are setting up needs to be protected. My goal is to open as few ports as possible. Specifically, I would prefer that most services use HTTP, i.e. port 80, or, to be secure, HTTPS (port 443).

To achieve this goal, we need a certificate proving that our server is what it pretends to be. This may be a big mess with certificate authorities, but fortunately there is Let's Encrypt, which provides 3-month certificates, and there are bots to renew them.

Requirement

Doing this requires (1) a domain name, called $DOMAIN hereafter, and (2) opening port 80 of your box. With a Freebox, we need to switch to full-stack mode (from the customer configuration page).

The configuration of the port redirection:

  • Destination IP: 192.$SERVER
  • Source IP: all
  • Protocol: TCP
  • Port range: 80-80
  • Port destination: 80

Setting up the certificate

First, we install the bot:

$ sudo apt install certbot python3-certbot-apache

And we can run it:

$ sudo certbot --apache -d $DOMAIN

It will install itself in the Apache 2 configuration files.

Redirecting port 443

In order to access your web pages at the address http://$DOMAIN, you have to redirect port 443 on your box:

  • Destination IP: 192.$SERVER
  • Source IP: all
  • Protocol: TCP
  • Port range: 443-443
  • Port destination: 443
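
Since the certificates only last three months and everything relies on the renewal bot, it is worth checking from time to time that the certificate served on port 443 is not close to expiry. The script below is an added example, not part of the original setup or of certbot; the 30-day alert threshold, the function names and the sample dates are assumptions made for the illustration.

```python
import socket
import ssl
import sys
import time

WINDOW_DAYS = 30  # assumption: alert threshold chosen here, not from the post


def days_left(not_after, now=None):
    """Whole days until notAfter, given in the getpeercert() format,
    e.g. 'May 17 00:00:00 2026 GMT'. Negative once the date has passed."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, window=WINDOW_DAYS):
    """OK, RENEWAL_OVERDUE (inside the window, the bot should already have
    replaced the certificate) or EXPIRED."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEWAL_OVERDUE" if remaining < window else "OK"


def fetch_not_after(host, port=443, timeout=10):
    """Read notAfter over a validated TLS connection to host:port."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python3 check_cert.py <domain>
        try:
            samples = [fetch_not_after(sys.argv[1])]
            now = None
        except ssl.SSLCertVerificationError as exc:
            sys.exit(f"{sys.argv[1]}: INVALID ({exc.verify_message})")
    else:  # offline demo on constructed dates, "today" fixed at the post date
        now = ssl.cert_time_to_seconds("Feb 16 00:00:00 2026 GMT")
        samples = ["May 17 00:00:00 2026 GMT", "Mar 10 00:00:00 2026 GMT",
                   "Feb 15 00:00:00 2026 GMT"]
    results = [(s, classify(s, now), days_left(s, now)) for s in samples]
    for not_after, status, remaining in results:
        print(f"{status:16} {remaining:4d} days  (notAfter {not_after})")
    sys.exit(0 if all(r[1] == "OK" for r in results) else 1)
```

Run with the domain as argument, it exits non-zero when the certificate is expired, invalid or inside the alert window, so it can be called from cron.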

Final Words

It is important that all this software is free (as in freedom) but not free (as in price). People are implementing it and maintaining convenient websites such as Let's Encrypt. From time to time, it could be helpful to donate to an organization supporting them. In this case,

Category: EHome Tagged: letsencrypt https
