Differences

This shows you the differences between two versions of the page.

--- tips:ssl [2017/05/26 14:47] – [certificate integration for apache] scipio
+++ tips:ssl [2022/06/22 07:15] (current) – [letsencrypt staging] sscipioni
@@ Line 5: / Line 5: @@
 [[https://letsencrypt.org/|letsencrypt certification authority]] is free, automated and open.
+===== letsencrypt staging =====
+get ca certificate and use with curl
+<code | download>
+API_HOST=sso.csgalileo.org
+echo quit | openssl s_client -showcerts -servername "$API_HOST" -connect "$API_HOST":443 > cacert.pem
+curl --cacert cacert.pem https://sso.csgalileo.org/
+</code>
+in browser import this [[https://letsencrypt.org/certs/staging/letsencrypt-stg-int-r3.pem|CA]]
+===== certbot ======
+<code>
+snap install --classic certbot
+# or for focal pre
+add-apt-repository ppa:certbot/certbot
+apt-get update
+apt-get install -y certbot python-certbot-nginx
+</code>
+<code>
+certbot certonly --webroot -w /var/www/html -d mail.veronamobile.it
+</code>
+wildcard
+<code>
+certbot certonly \
+ --manual \
+ --preferred-challenges=dns \
+ --email stefano.scipioni@csgalileo.org \
+ --server https://acme-v02.api.letsencrypt.org/directory \
+ --agree-tos -d *.iotaiuto.it
+</code>
+==== nginx ====
+<file>
+server {
+  listen 80;
+  server_name nextcloud.csgalileo.org;
+  server_tokens off;
+  location /.well-known/acme-challenge {
+    root /var/www;
+    allow all;
+  }
+  location / {
+    return 301 https://$server_name$request_uri;
+  }
+}
+server {
+    listen 443;
+    server_name nnextcloud.csgalileo.org;
+    ssl_certificate /etc/letsencrypt/live/nextcloud.csgalileo.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/nextcloud.csgalileo.org/privkey.pem;
+}
+</file>
+renew
+<code>
+certbot renew [--dry-run]
+</code>
+automatic renew
+<code>
+systemctl status certbot.service
+</code>
+/etc/letsencrypt/cli.ini
+<code>
+max-log-backups = 0
+deploy-hook = systemctl reload nginx
+</code>
 ===== acme.sh integration for letsencrypt =====