crypto:letsencrypt

Differences

This shows you the differences between two versions of the page.

crypto:letsencrypt [2018-12-22 17:46] – created gabriel
crypto:letsencrypt [2019-10-16 13:03] (current) – updated to semi-manual process with dns-route53 gabriel
Line 1: Line 1:
 ====== Let's Encrypt Usage Notes ====== ====== Let's Encrypt Usage Notes ======
  
 +We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains.
  
-<code sh> +Currently quay.net is hosted on Amazon's EC2 and uses the AWS Route 53 service for public DNS on the Internet We can use the certbot dns-route53 plugin with Debian 10 to manage authentication using the following script.
-certbot certonly --dns-route53 --logs-dir /home/certbot/letsencrypt --config-dir /home/certbot/letsencrypt --work-dir /home/certbot/letsencrypt --dry-run -d quay.net -d *.quay.net -d gabrielobrien.ca -d *.gabrielobrien.ca -d gabriel.to -d *.gabriel.to -d k538.ca -d *.k538.ca+
  
-sudo ./certbot-auto certonly --dns-route53 --dry-run -d quay.net -d *.quay.net -d gabrielobrien.ca -d *.gabrielobrien.ca -d gabriel.to -d *.gabriel.to -d k538.ca -d *.k538.ca -d +<code bash> 
-sudo ./certbot-auto certonly --dns-route53 --dry-run -d quay.net -d *.quay.net -d gabrielobrien.ca -d *.gabrielobrien.ca -d gabriel.to -d *.gabriel.to -d k538.ca -d *.k538.ca -d+#!/bin/bash 
 + 
 +# my domains 
 +mapfile -t domains <<-DOMAINS 
 +quay.net 
 +gabriel.to 
 +gabrielobrien.ca 
 +k538.ca 
 +unx.is 
 +badphoto.ca 
 +badphotography.ca 
 +DOMAINS 
 + 
 +# AWS credentials 
 +export AWS_ACCESS_KEY_ID="my key id" 
 +export AWS_SECRET_ACCESS_KEY="my secret" 
 + 
 +# generate wildcard records for each domain 
 +for domain in ${domains[@]}; do 
 +  domainlist+="-d $domain -d *.${domain} " 
 +done 
 + 
 +systemctl stop nginx 
 +certbot certonly --dns-route53 $domainlist 
 +systemctl start nginx
 </code> </code>
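Review bot: The two `export AWS_...` lines under "# AWS credentials" put a long-lived access key and secret in the script body, where they end up in backups, shell history of anyone who copies it, and potentially this wiki page. The text says quay.net is hosted on EC2, so an IAM role attached to the instance and limited to the Route 53 actions the dns-route53 plugin needs for these hosted zones would supply temporary credentials and let both lines be dropped; failing that, a root-only credentials file keeps the secret out of the script. Two smaller points in the same script: `${domains[@]}` and `$domainlist` are expanded unquoted, so the `*.${domain}` entries are subject to filename globbing in the working directory, which a bash array (`args+=(-d "$domain" -d "*.$domain")` passed as `"${args[@]}"`) avoids. The `systemctl stop nginx` before certbot takes the sites down for the whole run even though the DNS challenge does not need port 80 or 443, so a single nginx reload after certbot succeeds would be enough to load the new certificates.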
crypto/letsencrypt.1545518809.txt.gz · Last modified: 2018-12-22 17:46 by gabriel