You are not allowed to perform this action
lab:docs:certs
Table of Contents
Certificates
Most everything makes use of ACME.sh, with auto-renewing certificates from LetsEncrypt and Cloudflare domain verification.
CRT.sh is a good resource for viewing certificates issued for a domain
Deploying a Cert with ACME.sh
Cloudflare DNS verification
1. Set environment variables
export CF_Token="pybhqsynervfirelpbby" export CF_Account_ID="pybhqsynervfirelpbby" export CF_Zone_ID="pybhqsynervfirelpbby"
2. Generate cert
acme.sh --issue --dns dns_cf -d example.com
Webroot Verification
acme.sh --issue -d example.com -w /var/www/example.com/
ACME.sh Deployment
export DOMAIN=example.com # 1. Create Certificate Path mkdir -p /etc/nginx/acme.sh/${DOMAIN}/ # 2. Tell acme.sh about it acme.sh --install-cert -d ${DOMAIN} \ --cert-file /etc/nginx/acme.sh/${DOMAIN}/cert \ --key-file /etc/nginx/acme.sh/${DOMAIN}/key \ --fullchain-file /etc/nginx/acme.sh/${DOMAIN}/fullchain \ --reloadcmd "systemctl reload nginx.service"
Then in NGINX config…
ssl_certificate /etc/nginx/acme.sh/example.com/fullchain; ssl_certificate_key /etc/nginx/acme.sh/example.com/key;
lab/docs/certs.txt · Last modified: Tue 12 Mar 2024 (21:32) by 127.0.0.1