Obtaining Let's Encrypt Certificates Without Sudo

LinkLocker uses a certificate provided by Let's Encrypt to serve the site over HTTPS with TLS 1.2. Let's Encrypt is a not-for-profit initiative to spread the use of encrypted transfer to as much of the Web as possible. Their certificates let a visitor verify that a site is who it claims to be, and allow for fully encrypted data transfer between two parties (in LinkLocker's case, between our server and your computer). Such certificates have in the past been costly to obtain, which greatly dampened the growth of encrypted transfer on the Internet. The certificates provided by Let's Encrypt are completely free, which is a great way to help make TLS the norm. The standard Let's Encrypt Certbot will even renew your certificate automatically every few months. Unfortunately, you need to grant root privileges to their script. There are some potentially scary security implications to this, so I looked for and found another way: a set of Python scripts by Daniel Roesler called Let's Encrypt Without Sudo.

LEWS (as I'll call it) allows you to generate the necessary files, including the encryption keys and the certificate signed by Let's Encrypt, right on your local machine. You can then upload them to your server, and bam, you've enabled https. Note that you do need to run a temporary BaseHTTPServer on the remote machine in order to verify that the server is yours, but you are issuing a single Python shell command, which you can read and approve before you enter it. At no point in the process do you need to let a third-party script run with persistent root permissions on your server, which I see as a pretty clean win.
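To make the "temporary server" step concrete, here is an added example (my own code, not part of LEWS or this post) of a single-purpose responder for the ACME HTTP-01 check: it answers only the exact challenge tokens it was given under /.well-known/acme-challenge/ and returns 404 for every other path, so nothing else on the box is exposed while it runs. It uses Python 3's http.server (the successor to BaseHTTPServer) and, so that it runs stand-alone, binds to loopback on an ephemeral port; the token and key-authorization values are constructed placeholders, and a real validation would have to listen on port 80 on the public interface, which is a privileged operation on most systems.

```python
# Added example: a minimal HTTP-01 challenge responder in the spirit of the
# temporary server LEWS has you run. Not LEWS's own code.
# Python 3: http.server replaces the Python 2 BaseHTTPServer module.
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def make_handler(challenges):
    """Build a handler that serves only known tokens; every other path is 404."""

    class ChallengeHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            token = None
            if self.path.startswith(CHALLENGE_PREFIX):
                token = self.path[len(CHALLENGE_PREFIX):]
            key_auth = challenges.get(token)  # exact match only, no file access
            if key_auth is None:
                self.send_error(404)
                return
            body = key_auth.encode("ascii")
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            # Print every request so the CA's validation attempt is visible.
            print("acme-responder: " + fmt % args)

    return ChallengeHandler


def serve_challenges(challenges, host="127.0.0.1", port=0):
    """Start the responder in a background thread; returns (server, bound_port)."""
    server = HTTPServer((host, port), make_handler(challenges))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fetch(port, path):
    """GET a path from the local responder; returns (status, body)."""
    try:
        with urllib.request.urlopen(f"http://127.0.0.1:{port}{path}") as resp:
            return resp.status, resp.read().decode("ascii")
    except urllib.error.HTTPError as err:
        return err.code, ""
```

Call `server.shutdown()` as soon as the certificate is issued; the responder has no reason to outlive the validation.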

As with all things leading to more security, there is admittedly a trade-off with respect to convenience. Using this method requires manual renewal of the certificate every three months. It's not too terribly time-consuming or difficult a process, but it is something you need to remember to do. I find that the need to ensure manually that a new cert is installed provides a great opportunity to audit the server's TLS configuration, and to improve and harden it on a regularly recurring basis. For this reason, and for the peace of mind I get in not granting root to Certbot, I believe the trade-off is well worth it in the end.