
@zamd
Last active July 20, 2018 10:21
letsencrypt certs

## Free Public CA certificate

The Certbot tool works with any ACME-compliant CA to automate the certificate acquisition process.

We can use certbot to generate the certificates using the following process:

  • Set up a basic nginx web server in AWS, reachable over HTTP, to act as the authenticator for the CA.
  • SSH into the nginx server and create the .well-known folder:

mkdir /tmp/.well-known

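  • Modify the nginx conf to add the following section. The webroot plugin in certbot uses this folder structure to authenticate domain ownership.

server {
  # everything under this root is served over HTTP
  root /tmp;
  # certbot's webroot plugin writes its challenge files under /.well-known/acme-challenge/
  location /.well-known {
    allow all;
  }
}
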
  • Use the noip service (the free version allows 3 active domains) to map every domain you want to include in the certificate to your web server's public IP.

  • Do a quick curl test to make sure you can reach /.well-known through each of the above domains:

curl http://webtask.servepics.com/.well-known/

  • At this stage, we can launch certbot to generate a certificate for all the domains required by the appliance:

certbot certonly -a webroot --webroot-path=/tmp -d manage.servepics.com -d webtask.servepics.com -d auth.servepics.com

  • Convert to pfx format

openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem
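
The quick curl test above only shows that something answers on the domain. The script below is an added example, not part of the original gist: it writes a random token into the webroot and fetches it back through each domain, which confirms that the name resolves to this server and that nginx serves files from the folder certbot will write to. The function names and the `FETCH` override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the gist: confirm each domain serves files from the
# certbot webroot before running `certbot certonly -a webroot`.
# probe_domain, failing_domains, fetch_http and FETCH are hypothetical names.

# Default fetcher; set FETCH to another command or function to replace it.
fetch_http() { curl -fsS --max-time 10 "$1"; }

# probe_domain WEBROOT DOMAIN
# Writes a random token where the webroot plugin would put a challenge file,
# fetches it through DOMAIN over plain HTTP, and succeeds only if the body matches.
probe_domain() {
  p_dir="$1/.well-known/acme-challenge"
  mkdir -p "$p_dir" || return 2
  p_name="preflight-$$-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  p_token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  printf '%s' "$p_token" > "$p_dir/$p_name"
  p_rc=0
  p_body=$("${FETCH:-fetch_http}" "http://$2/.well-known/acme-challenge/$p_name" 2>/dev/null) || p_rc=$?
  rm -f "$p_dir/$p_name"   # never leave probe files in the webroot
  [ "$p_rc" -eq 0 ] && [ "$p_body" = "$p_token" ]
}

# failing_domains WEBROOT DOMAIN...
# Prints every domain that failed the probe; returns 0 only if all passed.
failing_domains() {
  f_root=$1; shift
  f_failed=0
  for f_domain in "$@"; do
    if ! probe_domain "$f_root" "$f_domain"; then
      printf '%s\n' "$f_domain"
      f_failed=1
    fi
  done
  return "$f_failed"
}

# Run as: sh preflight.sh /tmp manage.servepics.com webtask.servepics.com auth.servepics.com
if [ "$#" -ge 2 ]; then
  failing_domains "$@"
fi
```

A domain is listed as failing both when the request errors out and when it returns a body that does not match the token, which is what happens when the name points at a different server.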
