crypto:letsencrypt
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
crypto:letsencrypt [2019-02-18 00:58] – wording gabriel | crypto:letsencrypt [2019-05-20 00:52] – fixing typo gabriel | ||
---|---|---|---|
Line 24: | Line 24: | ||
<code sh> | <code sh> | ||
- | quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is | + | quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is |
</ | </ | ||
If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question. | If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question. | ||
+ | |||
+ | On our server we use an nginx configuration file that can be enabled or disabled to turn on shared challenge files during certificate renewal. | ||
+ | |||
+ | < | ||
+ | # USAGE: enable this configuration for Route 53 validation for Let's Encrypt | ||
+ | location / | ||
+ | alias / | ||
+ | | ||
+ | } | ||
+ | </ | ||
The instructions are provided at each step and are fairly simple. | The instructions are provided at each step and are fairly simple. | ||
Line 70: | Line 80: | ||
It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver. | It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver. | ||
- | |||
- | On our webserver this can be done by running the '' |
crypto/letsencrypt.txt · Last modified: 2019-10-16 13:03 by gabriel