I am slowly moving content from Notion to this Wiki. Some things will be missing!
Where necessary, the organisational structure and information will be updated.

Tom's Wiki


User Tools

Site Tools



Most everything makes use of ACME.sh, with auto-renewing certificates from LetsEncrypt and Cloudflare domain verification.

CRT.sh is a good resource for viewing certificates issued for a domain

Deploying a Cert with ACME.sh

Cloudflare DNS verification

1. Set environment variables

export CF_Token="pybhqsynervfirelpbby"
export CF_Account_ID="pybhqsynervfirelpbby"
export CF_Zone_ID="pybhqsynervfirelpbby"

2. Generate cert

acme.sh --issue --dns dns_cf -d example.com

Webroot Verification

acme.sh --issue -d example.com -w /var/www/example.com/

ACME.sh Deployment

export DOMAIN=example.com
# 1. Create Certificate Path
mkdir -p /etc/nginx/acme.sh/${DOMAIN}/
# 2. Tell acme.sh about it
acme.sh --install-cert -d ${DOMAIN} \
--cert-file /etc/nginx/acme.sh/${DOMAIN}/cert \
--key-file /etc/nginx/acme.sh/${DOMAIN}/key \
--fullchain-file /etc/nginx/acme.sh/${DOMAIN}/fullchain \
--reloadcmd "systemctl reload nginx.service"

Then in NGINX config…

ssl_certificate /etc/nginx/acme.sh/example.com/fullchain;
ssl_certificate_key /etc/nginx/acme.sh/example.com/key;
lab/docs/certs.txt · Last modified: Tue 12 Mar 2024 (21:32) by