crypto:letsencrypt
Differences
crypto:letsencrypt [2019-02-18 00:58] – wording gabriel | crypto:letsencrypt [2019-05-21 22:00] – note re: badphotography.ca gabriel | ||
---|---|---|---|
Line 3: | Line 3: | ||
We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains. | We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains. | ||
- | Now that Let's Encrypt supports wildcard certs, our cert has been modified accordingly. | + | Now that Let's Encrypt supports wildcard certs, our cert has been modified accordingly. |
Thus, we'll use the manual process for generating and managing our certificates. | Thus, we'll use the manual process for generating and managing our certificates. | ||
Line 24: | Line 24: | ||
<code sh> | <code sh> | ||
- | quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is | + | quay.net *.quay.net gabriel.to *.gabriel.to gabrielobrien.ca *.gabrielobrien.ca k538.ca *.k538.ca unx.is *.unx.is |
</ | </ | ||
If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question. | If all goes well, you will now be prompted to update a DNS TXT record for each domain as well as a file on the local webserver to allow the ACME service to validate that you actually control the domain(s) in question. | ||
+ | |||
+ | On our server we use an nginx configuration file that can be enabled or disabled to turn on shared challenge files during certificate renewal. | ||
+ | |||
+ | < | ||
+ | # USAGE: enable this configuration for Route 53 validation for Let's Encrypt | ||
+ | location / | ||
+ | alias / | ||
+ | | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | > **Note:** locally we have to manage some custom config for [[https:// | ||
The instructions are provided at each step and are fairly simple. | The instructions are provided at each step and are fairly simple. | ||
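Review bot: the USAGE comment in the added nginx block says "Route 53 validation", but the sentence introducing the block describes it as turning on shared challenge files served by the webserver; Route 53 is the DNS side of the prompt described in the paragraph above. State which validation step this location block serves, and document the actual step used to enable and disable the file, since "can be enabled or disabled" gives the reader nothing to run. A sentence telling the reader to disable it again once renewal completes would fit here, given the cleanup advice later on the page.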
Line 70: | Line 82: | ||
It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver. | It's a good idea to clean up these records now to avoid a potential backdoor that might allow somebody to take over your certificate and/or webserver. | ||
- | |||
- | On our webserver this can be done by running the '' |
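Review bot: removing the "On our webserver this can be done by running ..." sentence leaves the cleanup paragraph with a warning about a potential backdoor and no instruction for the webserver side. If the old command no longer applies, replace it with the current step (for example, disabling the challenge configuration added in the Line 24 hunk) instead of dropping the how-to entirely.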
crypto/letsencrypt.txt · Last modified: 2019-10-16 13:03 by gabriel