crypto:letsencrypt

Differences

This shows you the differences between two versions of the page.

crypto:letsencrypt [2019-02-18 00:58] – wording gabriel
crypto:letsencrypt [2019-05-20 00:52] – fixing typo gabriel
Line 24: Line 24:
  
 <code sh> <code sh>
-quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is+quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is badphoto.ca *.badphoto.ca badphotography.ca *.badphotography.ca
 </code> </code>
  
 If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question. If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question.
 +
 +On our server we use an nginx configuration file that can be enabled or disabled to turn on shared challenge files during certificate renewal.
 +
 +<code>
 +# USAGE: enable this configuration for Route 53 validation for Let's Encrypt
 +location /.well-known/acme-challenge {
 +       alias /path/to/shared/acme-challenges;
 +       autoindex off;
 +}
 +</code>
  
 The instructions are provided at each step and are fairly simple.  The prompt will look something like this for the DNS records: The instructions are provided at each step and are fairly simple.  The prompt will look something like this for the DNS records:
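Review bot: In the added nginx block, `location /.well-known/acme-challenge` and `alias /path/to/shared/acme-challenges;` both lack a trailing slash, so the prefix match also covers any URI that merely begins with that string (for example `/.well-known/acme-challenge-old`), and the alias then maps it to a sibling path beside the challenge directory. Suggest `location /.well-known/acme-challenge/` with `alias /path/to/shared/acme-challenges/;` so only files inside the shared directory are served. The `# USAGE:` comment says this is for Route 53 validation, but the block serves the webserver challenge file, not the DNS TXT record, so the comment should say which step it supports and that the file is meant to be disabled again after renewal. The new `<code>` block also has no language tag, unlike the `<code sh>` block above it, and the "fixing typo" summary does not mention the added domains or this new section.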
Line 70: Line 80:
  
 It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver.  You only need to do this every 90 days, and eventually the route53 package will be properly integrated in Debian 9. It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver.  You only need to do this every 90 days, and eventually the route53 package will be properly integrated in Debian 9.
- 
-On our webserver this can be done by running the ''clean-acme-challenge.sh''. 
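Review bot: Removing the `clean-acme-challenge.sh` sentence leaves the preceding paragraph telling the reader to clean up the records "to avoid a potential backdoor" with no instruction for how to do it. Either keep the pointer to the script or replace it with the manual steps this revision now implies: delete the DNS TXT records, empty the shared challenge directory, and disable the nginx challenge configuration once validation has finished.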
crypto/letsencrypt.txt · Last modified: 2019-10-16 13:03 by gabriel