Automatically Provisioning Certificates, Using an Amazon Dash Button
“Let’s Encrypt” now only a push of a button away?
There has been a great deal of debate around the move to HTTPS on the web, although not all of it has been particularly well informed. But, unless you’ve been living under a rock for the last few years, it should be obvious that the web is moving to HTTPS. We have in fact reached a tipping point.
Traditionally, however, security certificates have an associated cost. Making your site secure has cost not just time, but money. So one thing that has driven the move is “Let’s Encrypt,” a free, automated, and open Certificate Authority.
But due to the short 90-day lifetime on their certificates, it turns out that the “automated” bit is sort of important. While there’s a lot advice, it can get pretty hairy especially on some operating systems. So, wouldn’t it be better if you could renew your certificates at the push of a button?
The Amazon Dash Button was launched over three years ago on April 1st. The initial reaction by a lot of people was that it could well be a joke, John Gruber said at the time that “I’m not sure whether this is genius, or the stupidest thing Amazon has tried yet.”
Either way, since its release, makers have taken the little Internet-connected button into their hearts, and into their homes. Now security researcher Scott Helme has hacked the Dash Button to automatically (re-)issue “Let’s Encrypt” certificates.
Using the Dasher framework, designed to bridge your Amazon Dash buttons to HTTP services, and the acme.sh script that allows you to automatically issue certificates, Helme connected the button up to issue the certificate using a simple PHP script.
“It allows you to issue Let’s Encrypt certs using the DNS challenge instead of a HTTP challenge so I don’t need to host any services externally for this little project. The script simply hooks the Cloudflare API, sets some DNS TXT records and then issues a certificate for me.”
Now you have no excuse not to renew your certificates when you get the nagging emails or text messages from your server management console telling you they’re all about to expire. Just push the button and you’re done.