Low End Box and @Not_Oles thank Porkbun and Eddie Barksdale for providing this guest post about Certbun, Porkbun’s alternative to Certbot. “Why should I use Certbun rather than Certbot,” you ask? @Not_Oles answers, “Porkbun support is for sure the best!”
Every site should have an SSL certificate, but if you’ve ever used Certbot to generate a free Let’s Encrypt certificate, you know that it can be clunky at best. That’s why we automated the process of generating a wildcard certificate from Let’s Encrypt. If you’re using our own hosting, it’s also installed and updated automatically, so you never have to think about it.
Of course, if you’re running a VPS or your own home lab setup, you still have to download and install the certificates to your web server. And since Let’s Encrypt certificates expire every 90 days, that means you’re constantly having to update your SSL every couple of months.
Enter Certbun. Certbun is a lightweight Python script that uses the Porkbun API to download your SSL bundle, loads it in the correct location on your server, and then reloads your server to install it. The only requirements are that your domain is registered with us, using our nameservers, and your server is able to run Python. This should work on pretty much any OS, including Linux, Windows, Mac, and FreeBSD.
Set Up Certbun At Porkbun
To get started, first make sure your Porkbun account is set up for API access by verifying your email address and phone number inside your Porkbun account settings. From there, navigate to your Porkbun domain management, find the domain you’re wanting to use, and open up Details. Double-check that you’re using Porkbun’s nameservers and your SSL is already generated (it should read as “Have Certificate”). Then just click on the toggle for API Access to enable it for the domain.
Obtain API Key From Porkbun
After that, click on ACCOUNT in the upper right corner, then API Access, and create an API Key. Save the Secret Key to a secure location, as you won’t be able to see this again from your account without regenerating the key.
Set Up Your Server
On your server, make sure you have at least Python 2.7 setup on your machine, and Python’s package manager, PIP. From there, run
pip install requests
to install the requests package for Python.
Grab a copy of Certbun (https://github.com/porkbundomains/certbun) from Porkbun’s public Github, and unpack it somewhere secure on your machine that isn’t publicly accessible, otherwise you might accidentally expose your API key.
Next, rename “config.json.example” to just “config.json,” then open it in your favorite text editor. Paste in both the private and public API keys you generated from earlier, define your root domain in the domain field, add the locations and file names of where your four certificates will be installed (note: depending on your web server, you may not need the public and intermediate keys, you can just enter “/dev/null” if that’s the case), and lastly specify the command needed to reload or restart your hosting service.
To test the client, type the following:
python certbun.py config.json
If all goes according to plan, it should just work.
Finally, set up a recurring process to run the Certbun script. Most commonly, this would be accomplished via a cron job if you’re on Unix. On our end, certificates are regenerated automatically about 15 days before the old ones expire, thus an interval of once a week to run Certbun should be more than enough to make sure you’ve always got a valid certificate.
Wanna get started with Porkbun? You can sign up for a Porkbun account here and use coupon code LOWENDBOX22 for $1 off a new registration.
The post Certbun, An Easier Alternative To Certbot, From Porkbun appeared first on LowEndBox.