Differences

This shows you the differences between two versions of the page.

tips:ssl [2019/02/22 15:20] – [nginx] scipio
tips:ssl [2022/06/22 07:15] (current) – [letsencrypt staging] sscipioni
Line 5: Line 5:
 [[https://letsencrypt.org/|letsencrypt certification authority]] is free, automated and open. [[https://letsencrypt.org/|letsencrypt certification authority]] is free, automated and open.
  
 +===== letsencrypt staging =====
 +
 +get ca certificate and use with curl
 +<code | download>
 +API_HOST=sso.csgalileo.org
 +echo quit | openssl s_client -showcerts -servername "$API_HOST" -connect "$API_HOST":443 > cacert.pem
 +curl --cacert cacert.pem https://sso.csgalileo.org/
 +</code>
 +
 +in browser import this [[https://letsencrypt.org/certs/staging/letsencrypt-stg-int-r3.pem|CA]]
 ===== certbot ====== ===== certbot ======
  
 <code> <code>
 +snap install --classic certbot
 +
 +# or for focal pre
 add-apt-repository ppa:certbot/certbot add-apt-repository ppa:certbot/certbot
 apt-get update apt-get update
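Review bot: The staging recipe redirects the whole `openssl s_client -showcerts` output into cacert.pem and then trusts it with `curl --cacert`, so the trust anchor is whatever chain the host presented on that first, unverified connection, leaf certificate included. Suggest downloading the staging CA that the same section links from letsencrypt.org and passing that file to `--cacert`, so the check does not depend on the server it is meant to verify. Smaller points: the curl line hardcodes https://sso.csgalileo.org/ instead of reusing "$API_HOST", and the comment "# or for focal pre" is ambiguous; say which releases still need the PPA.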
Line 17: Line 30:
 </code> </code>
  
 +wildcard 
 +<code> 
 +certbot certonly \ 
 + --manual \ 
 + --preferred-challenges=dns \ 
 + --email stefano.scipioni@csgalileo.org \ 
 + --server https://acme-v02.api.letsencrypt.org/directory \ 
 + --agree-tos -d *.iotaiuto.it 
 +</code>
 ==== nginx ==== ==== nginx ====
  
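Review bot: In the added wildcard command, `-d *.iotaiuto.it` is unquoted, so the shell will glob-expand it if any file in the working directory matches; write `-d '*.iotaiuto.it'`. The section also needs a line of documentation: with `--manual` and `--preferred-challenges=dns` the TXT record is entered by hand, so this certificate is not renewed unattended unless an auth hook or a DNS plugin is configured, which matters for the renew commands added later on the page.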
Line 47: Line 68:
 } }
 </file> </file>
 +
 +renew
 +<code>
 +certbot renew [--dry-run]
 +</code>
 +
 +automatic renew
 +<code>
 +systemctl status certbot.service
 +</code>
 +
 +/etc/letsencrypt/cli.ini
 +<code>
 +max-log-backups = 0
 +deploy-hook = systemctl reload nginx
 +</code>
 ===== acme.sh integration for letsencrypt ===== ===== acme.sh integration for letsencrypt =====
  
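Review bot: Under "automatic renew", `systemctl status certbot.service` reports only the state of the service unit, not whether anything schedules it; the check should look at the timer, for example with `systemctl list-timers` filtered for certbot, and the unit name depends on whether certbot came from the snap or from the PPA shown in the certbot section. In cli.ini, `max-log-backups = 0` turns off certbot's own log rotation, so the page should say that the log then needs external rotation. `certbot renew [--dry-run]` is not valid if pasted literally; list `certbot renew --dry-run` and `certbot renew` as two separate commands.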
  • tips/ssl.txt
  • Last modified: 2022/06/22 07:15
  • by sscipioni