Setting Up an HTTPS Proxy with Let's Encrypt and GOST¶
Original post: https://groups.google.com/g/go-gost/c/32jXBP3pAxc.
Let's Encrypt launched its public beta on December 3rd, meaning everyone can now have a free TLS certificate, provided the server is bound to a domain name.
First, generate the certificate:
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
letsencrypt-auto certonly --email your_email@email.com -d your_host_domain.com
If everything goes well, a live directory will be created under /etc/letsencrypt/, containing your domain directory and the certificate files.
We only need two files: cert.pem and privkey.pem.
With the certificates ready, you can now run the HTTPS proxy:
GOST has a built-in TLS certificate. To use your own certificate, place cert.pem and key.pem (key.pem is the privkey.pem from Let's Encrypt) in gost's working directory.
Assuming the gost binary is in /home/abc:
cd /home/abc
cp /etc/letsencrypt/live/your_host_domain.com/cert.pem /home/abc/cert.pem
cp /etc/letsencrypt/live/your_host_domain.com/privkey.pem /home/abc/key.pem
Finally, run gost:
If you don't see the error open cert.pem: no such file or directory, the Let's Encrypt certificate loaded successfully.
On the browser side, use SwitchyOmega to add this HTTPS proxy.