crypto:letsencrypt

Differences

This shows you the differences between two versions of the page.

crypto:letsencrypt [2019-05-20 00:50] – adding config snippet for nginx gabriel
crypto:letsencrypt [2019-05-21 22:00] – note re: badphotography.ca gabriel
Line 3: Line 3:
 We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains. We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains.
  
-Now that Let's Encrypt supports wildcard certs, our cert has been modified accordingly.  Currently quay.net is hosted on Amazon's EC2 and uses the AWS Route 53 service for public DNS on the Internet.  Ideally we'd be using the [[https://github.com/certbot/certbot/tree/master/certbot-dns-route53|certbot-dns-route53]] plugin, however it is not available in the OS distribution of certbot in Debian 9 and installing and running it from source is a dependency nightmare.+Now that Let's Encrypt supports wildcard certs, our cert has been modified accordingly.  Currently quay.net is hosted on Amazon's EC2 and uses the AWS Route 53 service for public DNS on the Internet.  Ideally we'd be using the [[https://github.com/certbot/certbot/tree/master/certbot-dns-route53|certbot-dns-route53]] plugin, however it is not available in the OS distribution of certbot in Debian 9 and installing and running it from source is a dependency nightmare that isn't worth the effort for such a simple use case.
  
 Thus, we'll use the manual process for generating and managing our certificates.  Let's get to it! Thus, we'll use the manual process for generating and managing our certificates.  Let's get to it!
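Review bot: The clause added to the rewritten paragraph ("that isn't worth the effort for such a simple use case") justifies skipping certbot-dns-route53, but the paragraph still doesn't say what the manual process costs for a wildcard cert. Wildcard issuance goes through the DNS challenge, so without the plugin the Route 53 TXT records have to be updated by hand at every renewal. Suggest adding a sentence that says who does the renewal and when, so the cert doesn't lapse unnoticed. The plugin link also points at the master tree, which can move; a link to the plugin's documentation would be more stable.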
Line 32: Line 32:
  
 <code> <code>
-#location /.well-known/acme-challenge { +USAGE: enable this configuration for Route 53 validation for Let's Encrypt 
-      alias /path/to/shared/acme-challenges; +location /.well-known/acme-challenge { 
-      autoindex off; +       alias /path/to/shared/acme-challenges; 
-#}+       autoindex off; 
 +}
 </code> </code>
 +
 +> **Note:** locally we have to manage some custom config for [[https://badphotography.ca|badphotography.ca]].
  
 The instructions are provided at each step and are fairly simple.  The prompt will look something like this for the DNS records: The instructions are provided at each step and are fairly simple.  The prompt will look something like this for the DNS records:
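Review bot: The new USAGE line says this block is for Route 53 validation, but "location /.well-known/acme-challenge" with an alias to a shared directory is the webroot for the HTTP challenge. DNS validation through Route 53 needs no nginx location at all, and a wildcard cert cannot be validated over HTTP. Suggest rewording the line to say the block serves HTTP validation for non-wildcard names, or dropping the block if only the DNS flow is used. As shown, the USAGE line also has no leading "#", so pasting the snippet as is would fail nginx's config test. The badphotography.ca note should say what the custom config is, or link to where it lives.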
crypto/letsencrypt.txt · Last modified: 2019-10-16 13:03 by gabriel