Let's Encrypt SSL/TLS certificates may require manual update

As highlighted in the forums by Sean, Let's Encrypt recently discovered a bug in their Certificate Authority (aka CAA). The implication of this is that some of the certificates that they have issued, they shouldn't have!

3rd party SSL/TLS certs on TurnKey: convert CER/P7B to PEM

Stuart recently asked via support how to use third party .cer or .p7b SSL/TLS certificates with TurnKey v14.x.

As I don't run any permanent websites, I'm not super familiar with different certificate formats. My only experience really has been through my years with TurnKey and I've only ever encountered the text file .pem certs. So I did a quick bit of research to help Stuart out. I figured that seeing as it's been a little while since I wrote a blog post and this info may be useful for others, I wrote it up. :)

Self signed and trusted SSL certificates

Important note: Please note that current appliances include support for getting free Let's Encrypt SSL certificates. Please see the Let's Encrypt docs within the new Confconsole doc pages for full details.

We don't need no stinking SSL

Why we disabled SSL and use an SSH tunnel for web site administration

Content management systems like the one we're using for the web site (Drupal) need to provide a privileged administration interface which you usually want to access securely. Due to the insecure nature of the Internet, it's reasonable to assume your traffic may be intercepted at some point. So how do you prevent that?

Up until recently, we used SSL. You could access the web site from both:

Unfortunately, as the site grew in complexity this created a range of subtle but annoying paper-cut type problems.