I use Let's Encrypt for all my certificates.  A lot of people don't like that they expire after 90 days but with the right tools you can easily setup automatic renewals.

The simple and quick instructions below are for installing certbot with cloudflare dns plugin on Ubuntu 20.04  Using the CF DNS plugin means you don't have to manually update DNS TXT record to prove domain ownership!  Let's get started.

1. Install Certbot first using SNAP.  Make sure you have not already installed using APT.  If you have, first run the command below to uninstall

sudo apt remove certbot


sudo snap install --classic certbot

Followed by the command below which enables plugins to be used.  This is a security feature.

sudo snap set certbot trust-plugin-with-root=ok

2. Next install the Cloudflare Certbot DNS plugin

sudo snap install certbot-dns-cloudflare

3. Next follow all the commands below in consecutive order to create a .secrets secure folder and a cloudflare.ini containing the Restricted API key.  Be sure to run all commands as root.

CD to ~ 
mkdir .secrets
# create ini file containing the API Key you create in Cloudflare portal.  Be sure to create a Restricted Token and do not use the Global API Key
cd .secrets/

nano cloudflare.ini
# copy the text below into cloudflare.ini file using nano
dns_cloudflare_api_token = YOURTOKENHERE
#CTRL+X to save and close the file

 4. Now you should be able to run the command to request the Certificate and the plugin will create and delete a TXT file for you.

sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d "*.example.net"

That's it!  Another cool thing is certbot will create a CRON job to automatically renew your cert.


Extract cert & key from PFX

To extract the private key and SSL Certificate from PFX file do the following:

openssl>pkcs12 -in filename.pfx -nocerts -out key.pem -nodes

openssl>pkcs12 -in filename.pfx -nokeys -out cert.pem

to remove the password from the file:

openssl>rsa -in key.pem -out server.key

Once you have these items extracted you can now create a new PFX file containing the SSL Intermediate certificate.  This is sometimes a requirement on some systems like load balancers that don't have a place to upload a separate SSL cert.

openssl>pkcs12 -export -out your_cert.pfx -inkey your_private.key -in your_cert.cer -certfile verisign-chain.cer

Convert a CER to PEM

Run the following command:

openssl x509 -inform pem -in certificate.cer -outform der -out certificate.pem



It is now considered best practice to simply edit the nsswitch.conf file located under DRIVE:\cygwin64\etc\ and add the line:

db_home:    windows

Also, be sure to add "C:\cygwin64\bin" to your PATH Environment Variables.

I use cygwin openssh to allow me to ssh to *Nix machines.  One problem after initial install is that cygwin cannot save the ssl cert on your PC because the default path is wrong.  Here is how to fix that.

Find the "passwd" file usually located here "C:\cygwin64\etc" on a default 64bit install.  Edit the file in notepad and change the following line.

FROM: /home/username

TO: /cygdrive/c/users/username

where "username" is your windows login.  Please note that "cygdrive" in the above path is the actual text you need to use.  This is not the path for cygwin.

Save the file and you are good to go.


I have always used WinSCP to copy file to/from linux based systems.  I recently setup a VMware ESXi 5.0 server in my home lab and found myself needing to sometimes copy large files like ISOs or VMDK files to and from the server to my PC.  I have heard that FastSCP is much faster then WinSCP and some of my copies were taking 1+ hour so I decided to take a look.

What I found is that FastSCP is indeed faster.  Not just a little bit either.  I think their claim of 6X faster is actually pretty accurate.  I found that to copy about 40GB file using WinSCP took about 1 hour.  The same copy using FastSCP took only 8 - 15 minutes on average.  See image below:

As you can see from image above FastSCP is pretty fast.  It definitely uses the bandwidth available more efficiently.