Difference between revisions of "SSL certs via ClouDNS"

From Da Nerd Mage Wiki

Revision as of 18:37, 12 August 2023

Since moving my external DNS to ClouDNS, they have added a VERY useful service. The time has come to put it to use!

Important Notes

  1. This service is only available if your account is Premium M or better
  2. You will need to enable an API user
  3. These certs are wildcard certs for the whole domain

Step 1 : Create the cert

In your ClouDNS dashboard, select DNS Hosting, then select the domain you want to add SSL to.

Then click the Free SSL button.

Select your preferred authority, hit the "Activate Free SSL" button & then wait for it.

(In this example, I've used the "Let's Encrypt" option.  May look into "ZeroSSL" later...)

Step 2 : Download the cert

Download the cert via their API:

  • curl "https://api.cloudns.net/dns/freessl-get.xml?auth-id=AUTHID&auth-password=PASSWORD&domain-name=DOMAIN"

Step 3 : Make the cert useable

(This is where it's gonna get interesting...)

The certs are available as either an XML or a JSON payload...

Attempt #1:  Manually extract the key & the fullchain cert set into separate files.  Seems to work...

Attempt #2:  Write a script or actual program to extract these...

Step 4 : Put the cert into a useful place

Looking at the standard default-ssl.conf file for Apache, this reveals:

SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key

So /etc/ssl/certs & /etc/ssl/private look sensible to me & I've named the files ssl-DOMAIN.pem & ssl-DOMAIN.key because there's no snakeoil involved here.

(Also, that script or program above should be able to directly extract the files into those locations.)
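
One way to do the extraction from Attempt #2 and the placement from Step 4 in a single pass, as an added example rather than code from this wiki. It assumes the JSON form of the payload and that one string in it holds the full chain with the leaf first; the payload's field names are not given on this page, so the key and certificates are located by their PEM markers instead. The SAMPLE payload and all function names are constructed for illustration.

```python
import json, os, re, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

# Constructed sample: key names and PEM bodies are placeholders, not real ClouDNS output.
_CERT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
SAMPLE = json.dumps({"status": "ok", "data": {
    "a": "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n",
    "b": _CERT % "TEVBRg==",
    "c": _CERT % "TEVBRg==" + _CERT % "Q0E="}})

def strings(node):
    """Yield every string in a decoded JSON tree, whatever the keys are called."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def split_payload(payload_text):
    """Return (private_key_pem, fullchain_pem) found by PEM label, not by field name."""
    keys, chain = set(), []
    for text in strings(json.loads(payload_text)):
        blocks = [(m.group(1), m.group(0) + "\n") for m in PEM_RE.finditer(text)]
        keys.update(pem for label, pem in blocks if label.endswith("PRIVATE KEY"))
        certs = [pem for label, pem in blocks if label == "CERTIFICATE"]
        if len(certs) > len(chain):  # assumption: the longest run is the fullchain
            chain = certs
    if len(keys) != 1 or not chain:
        raise ValueError("need exactly one private key and at least one certificate")
    return keys.pop(), "".join(chain)

def write_atomic(path, data, mode):
    """Write to a temp file (created 0600) beside the target, chmod, then rename."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def install(payload_text, domain, cert_dir="/etc/ssl/certs", key_dir="/etc/ssl/private"):
    """Write ssl-DOMAIN.key (0600) and ssl-DOMAIN.pem (0644); return both paths."""
    key, chain = split_payload(payload_text)
    key_path = os.path.join(key_dir, f"ssl-{domain}.key")
    cert_path = os.path.join(cert_dir, f"ssl-{domain}.pem")
    write_atomic(key_path, key, 0o600)
    write_atomic(cert_path, chain, 0o644)
    return key_path, cert_path
```

A response that carries no PEM blocks, such as an API error, raises before anything is written, so the files Apache is currently using stay in place.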

Step 5 : Tell Apache about it

Step 6 : Automate the update process