Security is now a central concern for technical people and I would argue for most consumers. It is now typical for criminals to target banks, hospitals, and other critical institutions. Privacy is also an issue that is central to a free and progressive society. One solution that gets thrown out is SSL encryption for websites and how we all now need to secure our sites with an SSL certificate. Due to the market though, SSL certificates are one of those things that companies have a hard time making money off of. Most people do not buy SSL certificates, so you wind up with a market that sells bare bones SSL certificates that range around $25 and extended validation certificates for large ecommerce websites that cost thousands of dollars. This is where Let’s Encrypt changes things. Their certificates are free and are recognized by the web browser as a valid secure certificate. This makes SSL encryption a zero cost option for millions of individual webmasters who run websites like WebKeyDesign. There is one other difference with Let’s Encrypt certificates: they are limited to 3 month intervals instead of yearly intervals. However what makes Let’s Encrypt more appealing to webmasters is that the software makes renewals automatic and there is now software integration with cPanel and Virtualmin control panels.
My personal project is a virtual machine that I keep for journal purposes. It allows me the ability to write some thoughts and archive information for later viewing. The virtual machine runs CentOS 7 Linux and can be controlled using Virtualmin. The SSL certificate that was originally setup was self-signed and so I would have to manually add the certificate to iOS, MacOS, and make exceptions in browsers in order to use the website.
Since writing this, a few things have changed. Let’s Encrypt now requires version 2 of their protocol and old clients are no longer supported. Virtualmin needs to be updated to support the new client. You can read more about the issue on this Virtualmin Forum post. To have this work, on Centos 7, do the following first and then it should work.
yum install certbot
I followed TechJourney’s excellent guide: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin & Webmin. There were a couple of issues I found out along the way.
The tutorial did not specify the path to the client command. For CentOS, I found this to be:
This may not be needed. I was able to let Virtualmin automatically find the new client.
Let’s Encrypt SSL for Webmin Login
A secondary problem that I ran into had to do with the separate subdomains. The Apache webserver will respond on your typical www.mydomain.net and mydomain.net, however the Webmin control panel is accessible by another prefix to mydomain.net. Under Virtualmin – Server Configuration – Manage SSL Certificate, the default will be Domains associated with this server. This setting will only pull in the domains that Apache is setup for. If you want to use the Let’s Encrypt SSL Certificate for other subdomains, you have to select Domain names listed here and manually type all your subdomains. You can then under the Current Certificate tab use the Copy to options and use the same certificate for Webmin, Usermin, etc.
If you went ahead and hit the Request Certificate button and then try to add domains, the process will error out. There is no way to reset the certificates from the Virtualmin interface. To resolve the problem, use secure shell and remove the letsencryt directory.
rm -rf /etc/letsencrypt
This allowed me to use the Request Certificate option again and have all my subdomains added to the certificate.
For this review, I will discuss my experience with a different type of external SSD drive. The Mushkin Enhanced Atlas FLUX USB 3.0 mSATA III SSD Enclosure Kit (AT-ENCKIT) is about the size of Zippo lighter and weighs 2.4 ounces (not including the mSATA drive that you need to purchase separately). Most people would probably prefer a regular USB Flash type drive than this type of solution. The Atlas costs about $20 and then the needed mSATA drive that fits inside can vary from $35 and up. The primary reason I purchased the Atlas, is due to the fact that I had an mSATA drive that I could not utilize for my latest laptop project. The Intel 310 Series 80GB mSATA Solid State Drive SSDMAEMC080G2C1 is an older drive that I purchased on Amazon and which I installed in the Atlas Flux enclosure.
Mushkin Enhanced Atlas FLUX USB 3.0 mSATA III SSD Enclosure Kit (AT-ENCKIT)
- Controller: AS Media 1053E USB 3.0 Controller
- Attachment: USB Attached SCSI Protocol support
- Casing: Durable aluminum casing
- Supported Drives: Supports 50mm and 25mm mSATA drives
- USB Compatible: USB 2.0 and USB 3.0 Compatible
- Transfer Speeds: Supports SATA 1.5 Gb/s
- Plug and Play (PnP) with 3Gb/s and 6Gb/s SSDs
Intel 310 Series 80GB mSATA Solid State Drive (SSDMAEMC080G2C1)
- Capacity 80GB
- Sequential Read – Up to 200 MB/s
- Sequential Write – Up to 70 MB/s
- SATA 3.0 3Gb/S
- Intel Product Page
The installation is quite simple. Mushkin includes a tiny screwdriver, however I recommend using a higher quality Philips #00 screwdriver. I have big hands and it is easier to use a regular full size screwdriver when removing tiny screws as this. Once you remove the panel, the board inside should slide out, and you should now be able to carefully install your mSATA drive. You slide the mSATA drive at a slight angle and then push it down. A snap on clip then holds the drive in place, similar to memory DIMM slots in a laptop. Finally screw back on the panel and you are done.
On Windows 7
I tested the Atlas Flux with my Dell Latitude e5430 laptop. This laptop has three kinds of ports that this drive can connect to. There is a USB 2 port, a USB 3 port, and an eSATAp port (also referred to as an eSATA/USB combo port). The operating system is Windows 7 64-bit. The main issue I had with the drive is that it is not really hot-swappable. Plugging it in the first time, the drive will appear and you are able to format it. But if you unplug the drive and then plug it back in, it will not appear in Windows again. You can restart Windows and then the drive will appear again. The problem was worse on the eSATAp port. The drive would remount over and over on this port. To fix this issue, with the drive visible in Windows, Go to the Start Menu and type DEVICE MANAGER and click on Device Manager in the results. Under Device Manager, under Disk Drives, find the drive and double-click on it. Now click on Policies and select Better Performance and click OK. The Atlas Flux cannot utilize the Quick Removal feature. This means that you must Eject the drive via the systray USB icon or by right-clicking on it and choosing Eject. The drive will now be stable and you may use it without restarting Windows. (more…)
In the previous Setup for Dell Latitude E5430 post, we did most of the legwork to create a boot ready flash drive with all the needed add-on software needed to create a clean image of Windows 7 Pro 64-bit. We now shutdown our machine and insert the flash drive into one of the USB ports on the laptop. If you are using the RecoveryTools 4, the Windows installation will be mostly automated. If you are not using Recovery Tools 4, then you will need to install Windows normally. I will cover both methods.
WINDOWS 7 Begins…
The computer will come up to a text only screen asking you to start from the Windows EMS option. Then a Windows screen will appear asking you to choose a language. The next dialog will ask you to choose which version of Windows 7 you want to install. The choice is Windows 7 Professional. At this point if you are using Recovery Tools 4, the process is automated and you will need to wait for Windows to install itself. If you are not using Recovery Tools, then this is a normal Windows 7 installation and you should install Windows normally and skip to the next section.
The machine will reboot and come up in Windows Audit Mode. The Sysprep dialog box will appear on the screen. Always close this box by using the X in the upper right corner of the dialog. You will need to do this every time you restart the machine. Do not click any options in the Sysprep dialog.