Securing AD Guard Home with Let’s Encrypt SSL Certificate: A Step-by-Step Guide
In this blog post, we’ll walk you through the process of installing an SSL certificate from Let’s Encrypt for AD Guard Home. Let’s Encrypt is a free, automated, and open certificate authority that provides SSL/TLS certificates for securing web servers. By installing an SSL certificate, you can ensure secure communication between your AD Guard Home server and client devices. Let’s get started!
Google chrome address bar warning,
Mozilla firefox address bar warning.
Step 1: Create DNS Pointer (A Record)
- Log in to your Public Facing DNS management tool.
- Create a DNS Pointer (A Record) for your Domain or Subdomain, pointing to the IP address of your AGH server.. We use cPanel so here is the pointer for our domain techtips.com.au
Once you have created your pointer (A Record) then you can use the domain or sub domain to point to the AGH server like the image below.
Step 2: Release Ports 80 and 443
- Temporarily change the AGH webserver port in the AdGuardHome.yaml file.
- Locate the AdGuardHome.yaml file using the command find / -type f -name *.yaml in your terminal.
- Open the file using your preferred text editor (e.g., sudo nano /opt/AdGuardHome/AdGuardHome.yaml).
- Change the port from 80 to any other port (e.g., 8080).
- Save and close the file.
- Open TCP Port 8080 temporarily in your firewall.
Step 3: Install Certbot and Certificates
- Install the Certbot package for SSL certificate automation.
- Update the package repository using the command sudo apt update
- Upgrade installed packages using the command sudo apt upgrade
- Install the snapd package using the command sudo apt install -y snapd
- Install the core snap package using the command sudo snap install core
- Install the certbot package using the command sudo snap install certbot –classic
- Create a symbolic link for certbot using the command sudo ln -s /snap/bin/certbot /usr/bin/certbot
- Run the command sudo certbot certonly –standalone to install SSL certificates.
- The certificate and key files will be stored in the /etc/letsencrypt/live/<your_domain>/ directory.
At this point certbot is installed. However your AGH web server is locking the port 80/443. Temporarily we need to assign different port to install the SSL. Certbot will run its own temporary webserver to accomplish this.
Step 4: Change Port Back to 80 and Reboot
- First change the port number in the AdGuardHome.yaml file. To find the file location in the server use find command like below in your terminal
Find / -type f -name *.yaml
- Open the AdGuardHome.yaml in your favourite text editor, I am going to use nano
Sudo nano /opt/AdGuardHome/AdGuardHome.yaml
- Change port 8- to any port, I am going to change mine to 8080 like image below
Make sure to open the TCP Port 8080 temporarily in your firewall.
- Now run the below command to install SSL Certificate
sudo certbot certonly –standalone
- Certificate and Key files are stored at the following location for Debian 11 and certbot
/etc/letsencrypt/live/YOU-SUBDOMAIN-NAME.DOMAIN.com.au/fullchain.pem
/etc/letsencrypt/live/YOUR-SUBDOMAIN-NAME.DOMAIN.com.au/privkey.pem
Step 5: Redirect Non-SSL Traffic to SSL
- Log in to your AGH portal.
- Navigate to Menu > Settings > Encrypting Settings.
- Change the settings to redirect all non-SSL traffic to SSL.
- Save the settings.
Your AGH server should now be successfully using SSL certificates, and your browser should indicate a secure connection. Your browser should now also indicate as soo.
Thank you for joining us on this exploration of AdGuard Home. We wish you all the best in your ongoing efforts to enhance your network’s security and privacy. Happy networking! 😊