Securing web applications and websites with HTTPS is a crucial aspect of modern internet security. Let’s Encrypt has become a popular choice for obtaining free SSL/TLS certificates to enable HTTPS for your web services. In this blog, we will explore how to generate and use Let’s Encrypt certificates in Python
Prerequisites
- Python: Ensure Python is installed on your server.
- Domain Name: Confirm your domain points to your server.
- Root/Sudo Access: To Gain system-level permissions and generate certs.
- Firewall Configuration: Open ports 80 and 443 for Let’s Encrypt.
Installing certbot
Certbot is a valuable tool for simplifying the process of obtaining, renewing, and configuring SSL/TLS certificates, making it an essential component in securing applications with HTTPS.
sudo apt update
sudo apt - get install certbot - y
Generating a Certificate using certbot
When using Certbot, the process of generating a certificate involves running a command, typically certbot certonly
, and specifying the domain name(s) for which the certificate is needed.
Certbot then contacts Let’s Encrypt, the certificate authority, and performs domain validation challenges to prove ownership. Once validated, a certificate is issued and saved locally. This certificate can then be configured on your server to enable HTTPS for your website, enhancing security and data encryption.
For this blog, we are going to use --standalone
mode with Certbot for generating certificates. In the context of Certbot, --standalone
is a convenient option when your web server is not yet configured, or you want to obtain a certificate for a service that doesn’t typically run on port 80, like a standalone application.
# replace example.com with your domain
sudo certbot certonly --standalone - d example.com
After running the command certbot creates a prompt, follow it and certbot will guide you through the certificate issuance process. It may ask for your email address and prompt you to agree to Let’s Encrypt’s terms of service, n email address for important notifications and few other details. The certs are generally saved at location /etc/letsencrypt/live/example.com/
Using generated cert with python
- Update DOMAIN in the given python script.
- Update PORT, CERTIFICATE, & KEY_FILE if required.
- Save the file and run the file using
python file_name.py
orpython3 file_name.py
- Now your sever should be accessible at
https://DOMAIN:PORT
this info is also printed on shell.
import http.server
import socketserver
import ssl
######### MUST GIVE THE DOMAIN
DOMAIN = "abc.com"
PORT = 443 # Choose any available port
CERTIFICATE_FILE = f'/etc/letsencrypt/live/{DOMAIN}/cert.pem' # Path to your SSL certificate
KEY_FILE = f'/etc/letsencrypt/live/{DOMAIN}/privkey.pem' # Path to your SSL certificate
Handler = http.server.SimpleHTTPRequestHandler
# Create an SSL context with your certificate and private key
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ssl_context.load_cert_chain(certfile = CERTIFICATE_FILE, keyfile = KEY_FILE)
# Create the HTTPS server
with socketserver.TCPServer(("", PORT), Handler) as httpd:
httpd.socket = ssl_context.wrap_socket(httpd.socket, server_side = True)
print(f"Serving at https://localhost:{PORT}")
httpd.serve_forever()