Difference between revisions of "A Solution for Getting Proper Certs"
Jump to navigation
Jump to search
| Line 12: | Line 12: | ||
= Second Method: Working from the '''machine being certified''' = | = Second Method: Working from the '''machine being certified''' = | ||
* <code>ssh <nowiki>root@certifier</nowiki> certbot -d server0.tinkernet.ca</code> | * <code>ssh <nowiki>root@certifier</nowiki> certbot -d server0.tinkernet.ca --manual --preferred-challenges dns certonly</code> | ||
* <code>scp -R <nowiki>root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/</nowiki></code> | * <code>scp -R <nowiki>root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/</nowiki></code> | ||
Revision as of 13:44, 29 June 2022
You will need certbot installed on a machine.
As of June 2022, it is again possible to simply install it on a Debian machine.
apt install certbot
First Method: Working from the machine with certbot installed on it
certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonlyscp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsencrypt/live/scp -R /etc/letsencrypt/live/server1.tinkernet.ca/ server1:/etc/letsencrypt/live/scp -R /etc/letsencrypt/live/server2.tinkernet.ca/ server2:/etc/letsencrypt/live/scp -R /etc/letsencrypt/live/server3.tinkernet.ca/ server3:/etc/letsencrypt/live/
Second Method: Working from the machine being certified
ssh root@certifier certbot -d server0.tinkernet.ca --manual --preferred-challenges dns certonlyscp -R root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/
Caveats & other Notes
Both of these techniques require that machines have SSH enabled for root...
Every command above is run as root. (could also be run using sudo)
One possible (sort of...) answer would be to just install certbot under Proxmox since it defaults to having SSH enabled for root anyhow. This might be quite suitable for the Second Method.