## Free Public CA certificate
Certbot works with any ACME-compliant CA to automate the certificate acquisition process.
We can use certbot to generate the certificates using the following process:

- Set up a basic nginx web server as the CA authenticator in AWS with HTTP access:
  - SSH into nginx and create the `.well-known` folder

    ```sh
    mkdir /tmp/.well-known
    ```
  - Modify the nginx conf to add the following section. The `webroot` plugin in certbot uses this folder structure to authenticate the domain ownership.

    ```nginx
    server {
        # Document root; must match the --webroot-path given to certbot
        root /tmp;
        # Let the CA fetch the challenge files over HTTP
        location /.well-known {
            allow all;
        }
    }
    ```
- Use the noip service to map all domains (the free version allows 3 active domains) you want to include in the certificate to your web server's public IP.
- Do a quick curl test to make sure you can reach `/.well-known` using all of the above domains

  ```sh
  curl http://webtask.servepics.com/.well-known/
  ```
- At this stage, we can launch certbot to generate a certificate for all the domains required by the appliance

  ```sh
  certbot certonly -a webroot --webroot-path=/tmp -d manage.servepics.com -d webtask.servepics.com -d auth.servepics.com
  ```
- Convert to pfx format

  ```sh
  openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem
  ```
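
The curl test in the steps above only shows that a domain answers; it does not show that the domain serves files from the webroot certbot will write to. The following is an added example, not part of the original page: it writes a random probe file under `<webroot>/.well-known/acme-challenge/` (where the webroot plugin places its challenge files) and checks that every domain returns it over plain HTTP. The function name `preflight` is hypothetical; the `/tmp` webroot and the domains are the ones used above.

```python
import secrets
import sys
import urllib.request
from pathlib import Path


def preflight(webroot, domains, timeout=5):
    """Return {domain: bool}: True if the domain serves a probe file that
    was just written under <webroot>/.well-known/acme-challenge/."""
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    token = secrets.token_urlsafe(32)          # unguessable file name
    body = secrets.token_urlsafe(32).encode()  # unguessable content
    probe = challenge_dir / token
    probe.write_bytes(body)
    results = {}
    try:
        for domain in domains:
            url = f"http://{domain}/.well-known/acme-challenge/{token}"
            try:
                with urllib.request.urlopen(url, timeout=timeout) as resp:
                    # A 200 from some other server or a catch-all page
                    # fails here because the content will not match.
                    results[domain] = resp.read() == body
            except (OSError, ValueError):
                # DNS failure, refused connection, timeout, 403/404, bad URL
                results[domain] = False
    finally:
        probe.unlink(missing_ok=True)          # never leave the probe behind
    return results


if __name__ == "__main__":
    # Domains and webroot taken from the certbot command above.
    domains = ["manage.servepics.com", "webtask.servepics.com",
               "auth.servepics.com"]
    failed = [d for d, ok in preflight("/tmp", domains).items() if not ok]
    for d in failed:
        print(f"not serving the webroot: {d}", file=sys.stderr)
    sys.exit(1 if failed else 0)
```

Run it on the nginx host before `certbot certonly`; a non-zero exit means at least one `-d` domain does not resolve to this server or does not serve the webroot.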