Stay Ahead With Linux Security HOWTOs
How to Secure My Network
security advisory remote access
security advisory remote access Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
Jun 03, 2026
How to Secure My Networkintrusion detection application security
intrusion detection application security The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
Jun 01, 2026
How to Secure My Networkunauthorized access security techniques
unauthorized access security techniques Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
May 28, 2026
How to Secure My Networksecurity advisory incident response
security advisory incident response The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
May 28, 2026
How to Secure My Networknetwork monitoring Linux server
network monitoring Linux server When a Linux server initiates an unauthorized outbound connection to an unknown IP address, it rarely triggers an immediate system failure. Instead, the server continues running normally, and the connection is usually only discovered during a routine firewall log review, a DNS audit, or a post-incident investigation. Because there are no obvious system crashes or performance drops, these quiet outbound sessions can easily be overlooked. . However, treating these anomalies lightly is a...
May 27, 2026
Refine HOWTOs
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security HOWTOs
We found -3 articles for you...
163
certificate managementhttpsssl certificateEnable HTTPS Using Free ZeroSSL Certificates for Linux Admins
ZeroSSL is a free SSL certificate authority created by CodeNotary, a software company known for its immutability and blockchain solutions for data integrity. . Launched in 2018, ZeroSSL emerged as an alternative SSL certificate provider focused on providing domain-validated (DV) certificates for free to individuals, developers, and small businesses. As an automated certificate authority, ZeroSSL issues browser-trusted SSL certificates for HTTPS encryption within minutes through an easy-to-use API. This enables any website or application to enable HTTPS and SSL/TLS encryption for secure connections. Some key features of ZeroSSL certificates include: Completely free SSL certificates with unlimited issuance and no account required. Automated validation and issuance processes for obtaining SSL certificates almost instantly. Trusted by all major browsers and devices for enabling HTTPS and encrypting connections. Supports wildcard certificates and allows securing multiple subdomains. 90-day certificate lifetime with automated renewal and reissuance processes. Friendly customer support by the CodeNotary team. With its focus on ease-of-use and automated workflows, ZeroSSL aims to make HTTPS security accessible for everyone through free SSL certificates. Why Use ZeroSSL? ZeroSSL has emerged as a popular choice for open-source enthusiasts looking to enable HTTPS on their websites and web applications. There are several key reasons why admins and developers opt for ZeroSSL certificates over other SSL providers: Free SSL certificates - ZeroSSL provides free TLS/SSL certificates with unlimited validity and wildcards at no cost. This makes ZeroSSL one of the only providers offering completely free certificates ideal for personal projects, testing environments, intranets, and more. Automatic renewal - Once the certificate is installed, ZeroSSL handles renewing it automatically before expiration so you don't have to worry about any disruptions. Therenewal process happens seamlessly in the background. Easy installation - Installing ZeroSSL certificates follows a simple and straightforward process across all major platforms like Apache, Nginx, HAProxy and more. The detailed documentation makes the installation easy even for beginners. The combination of being free, automated, and easy to install makes ZeroSSL a top choice among the open-source and self-hosted communities. For developers and administrators managing multiple sites and applications, the convenience of ZeroSSL can be invaluable. Prerequisites Before installing a ZeroSSL certificate, you'll need to have a few things set up: Domain name : You'll need a registered domain name that points to your web server's IP address. This is the domain name that your SSL certificate will be issued for. Web server installed : ZeroSSL certificates can be installed on any web server software like Apache, Nginx, IIS, etc. So you'll need to have your web server already set up and running on your server. The web server should be accessible from the internet on port 80 and 443. Generating a Certificate To generate an SSL certificate with ZeroSSL, we'll use the certbot tool. Certbot is an automatic client that fetches and deploys SSL/TLS certificates for your web server. First, install certbot on your Linux system if you don't already have it: sudo apt install certbot Once certbot is installed, you can generate your certificate by running: sudo certbot certonly --manual Certbot will prompt you to enter your domain name and validate domain control. You must add some DNS TXT records to prove you own the domain. After providing your domain details, certbot will communicate with the ZeroSSL API to generate your certificate. The certificate files will be saved to /etc/letsencrypt/live/yourdomain/ . The key part is proving domain ownership to ZeroSSL via DNS validation. As long as you can add the necessary TXT records to your DNS zone, you can generate SSLcertificates for any domains you own. Installing the Certificate Once you've generated your certificate using ZeroSSL, it's time to install it on your server. This will allow your site to be served over HTTPS using the SSL certificate you obtained. To install the certificate, we'll use the Certbot tool. Certbot is a popular automatic certificate installation and renewal tool provided by Let's Encrypt. Here are the steps: Run the certbot command, specifying the path to your certificate and key files: sudo certbot certonly --cert-path /path/to/cert.pem --key-path /path/to/privkey.pem Certbot will install the certificate in the correct location on your server. By default, Certbot places certificates in /etc/letsencrypt/live/your-domain/ . Once installed, your certificate and private key will be available in the following locations: /etc/letsencrypt/live/your-domain/fullchain.pem - Certificate file /etc/letsencrypt/live/your-domain/privkey.pem - Private key Certbot also handles automatically configuring your web server (Apache, Nginx, etc) to use the new certificate. That covers the key steps for installing your ZeroSSL certificate using the Certbot tool. The certificate will now be active and enable HTTPS for your website using the trust of Let's Encrypt. Verifying the Installation Once the certificate is installed, verifying everything works properly is important. Here are a couple ways to confirm your site is now being served over HTTPS with the new SSL certificate: Checking HTTPS Use the curl command to check that your website is returning content over HTTPS: curl -I Look for a 200 OK response code and confirm the page is served over HTTPS. Testing on Browser Simply navigate to your website URL in a browser, making sure to use https:// . The browser should show a lock icon and identify the domain as secure. You can click the lock to inspect the certificate details and confirm it matches the one you installed. Try accessingsome pages on the site to verify they are all loading securely over HTTPS without any certificate warnings or errors being shown. Renewing the Certificate Certificates issued by ZeroSSL are valid for 90 days, after which you'll need to renew them to maintain valid HTTPS encryption. There are a couple ways to renew your certificate: Automatic Renewal ZeroSSL supports auto-renewal of certificates through ACME clients like Certbot. If you used Certbot to generate and install your certificate initially, it can automatically renew it when it nears expiration. Certbot runs twice daily in the background to check certificate expiration. If a certificate is within 30 days of expiring, Certbot will automatically renew it. This ensures your certificate stays valid and your site remains securely encrypted. Manual Renewal You can also manually renew your ZeroSSL certificate by regenerating and reinstalling it. The steps are the same as the initial installation: Go to your ZeroSSL Dashboard and log in. Under 'Certificates', click the 'Download' button next to the expiring certificate. This will generate a new 90-day certificate with the same domains as before. Install the new certificate on your web server, replacing the expiring certificate. Restart the web server process so it uses the renewed certificate. Manually renewing ensures you get a fresh 90-day certificate. However, automatic renewal through ACME clients like Certbot is usually more convenient. Revoking the Certificate There may come a time when you need to revoke your ZeroSSL certificate. The most common reasons to revoke a certificate are: Your private key has been compromised. If your private key is exposed, revoking the certificate immediately is important so an attacker can't use it. You're migrating to a new certificate. When migrating to a new certificate for the same domain, it's best practice to revoke the old certificate. Your domain ownership has changed. If you no longer control the domain tied tothe certificate, you should revoke it. The certificate contains inaccurate information. If any information in the certificate becomes inaccurate, like the domain name or company details, it should be revoked. Revoking a certificate is easy with ZeroSSL. Just log into your ZeroSSL account and go to the "Certificates" section. Find the certificate you want to revoke, click the actions menu, and select "Revoke Certificate." ZeroSSL will immediately revoke the certificate and be added to certificate revocation lists (CRLs). This prevents the certificate from being trusted by browsers and other software. When you revoke a certificate, it's important to replace it immediately to avoid downtime for your website or application. Be sure to generate and install a new certificate before revoking the old one. Overall, revoking certificates when appropriate helps maintain the security of your website and prevents misuse. ZeroSSL makes it simple to both obtain and revoke free SSL certificates. Troubleshooting Issues If you encounter any errors during the ZeroSSL installation and configuration process, here are some common issues and debugging steps to try: Browser not trusting the certificate Ensure the certificate files are in the correct location for your web server. For Nginx this is usually /etc/ssl/certs . Check that the certificate file permissions allow the webserver to read the files. Confirm that your server configuration properly specifies the certificate and key file paths. Try clearing your browser's SSL cache and restarting the browser. Certificate not renewing automatically Check your cronjob configuration to renew the cert. Make sure the cron script can execute and has the proper permissions. If using auto-renewal with Certbot, verify it is installed and configured correctly. Manually run the renewal command as root/sudo to see if it works when executed directly. Web server not listening on HTTPS Double-check that the web server configurationspecifies a valid SSL certificate. Confirm that an HTTPS/SSL listening port is enabled and not being blocked by a firewall. Try restarting the web server and network services. Getting certificate issuer errors Ensure you use the latest intermediate certificates from your CA (Certificate Authority). Regenerate the certificate if a no longer trusted CA issued it. Ensure the root CA certificate is distributed to clients for privately issued certificates. Site visitors getting SSL warnings Verify the certificate is valid and signed by a trusted authority. Check the expiration date. Ensure you are not using self-signed certificates, which will cause SSL warnings. Confirm that you have the full certificate chain, not just the domain certificate. Final Thoughts on Securing Your Website with the Free ZeroSSL SSL Certificate Installing SSL certificates with ZeroSSL provides a quick and easy way for Linux administrators to enable encrypted HTTPS connections on their websites and applications. As outlined in this guide, ZeroSSL offers free certificates that are trusted by all major browsers, with automated validation and issuance through ACME. Some key benefits to using ZeroSSL include: Free TLS/SSL certificates that are valid for 90 days, with unlimited renewals. This removes the cost barrier to enabling HTTPS. Automated certificate issuance through integration with the ACME protocol. After generating a certificate request, the rest of the process is automated. Trusted certificates that are recognized by all major browsers. The certificates use industry-standard 2048-bit RSA encryption. Fast issuance with certificates issued in under 10 minutes in most cases. This enables admins to quickly enable HTTPS. Easy renewal and revocation. Certificates can be easily renewed before expiration or revoked if needed. Feature-rich control panel for managing all certificates from one dashboard. Overall, ZeroSSL provides an excellentfree option for Linux administrators to implement HTTPS and SSL/TLS encryption. The automated process through ACME combined with trusted certificates removes the typical barriers to enabling HTTPS security across websites and applications. Are you using ZeroSSL to secure your website? We'd love to hear how your experience has been! Connect with us on X @lnxsec, and let's discuss! . Obtain complimentary SSL certificates from Let’s Encrypt for instant HTTPS implementation, recognized by top web browsers, and user-friendly for systems admins on Linux.. Free SSLCertificates, HTTPS Security, Linux Admin, Automated Certificate Generation. . Brittany Day
Jan 09, 2024
•
How to Secure My Webserver
163
encryptionhttpswebsite protectionEnhance Website Security with Let's Encrypt for Free HTTPS Setup
Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let's Encrypt for free, and the whole thing takes just a few minutes.. Why Encrypt? Why encrypt your sites? Because unencrypted HTTP sessions are wide open to multiple abuses: Eavesdropping on your users Capturing user logins Injecting ads and "important" messages Injecting spyware Injecting SEO spam and links Injecting cryptocurrency miners Internet service providers lead the code-injecting offenders. How to foil their nefarious desires? Your best defense is HTTPS. Let's review how HTTPS works. The link for this article located at Linux.com is no longer available. . In today's digital world, user data protection is crucial, and HTTPS plays a vital role by encrypting data exchanges, keeping sensitive information safe from prying eyes. HTTPS, Website Security, Free Certificates, Encrypting Traffic. . Brittany Day
Jan 20, 2019
•
How to Secure My Webserver
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More