Difference between revisions of "SSL certs via ClouDNS"
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
<span style="font-size: 24pt;" >'''WIP!!!'''</span>Since moving my external DNS to [https://www.cloudns.net/ ClouDNS], they have added [https://www.cloudns.net/news/article/241/?utm_source=Mail&utm_campaign=2023_06_3_newsletter&utm_medium=freessl_news_link a VERY useful service]. The time has come to put it to use! | <span style="font-size: 24pt; color: rgb(224, 62, 45);">'''WIP!!!'''</span> | ||
Since moving my external DNS to [https://www.cloudns.net/ ClouDNS], they have added [https://www.cloudns.net/news/article/241/?utm_source=Mail&utm_campaign=2023_06_3_newsletter&utm_medium=freessl_news_link a VERY useful service]. The time has come to put it to use! | |||
= Important Notes = | = Important Notes = |
Latest revision as of 16:17, 21 August 2023
WIP!!!
Since moving my external DNS to ClouDNS, they have added a VERY useful service. The time has come to put it to use!
Important Notes
- This service is only available if your account is Premium M or better
- You will need to enable an API user
- (do that here')
- These certs are wildcard certs for the whole domain
Step 1 : Create the cert
In your ClouDNS dashboard, select DNS Hosting, then select the domain you want to add SSL to.
Then click the Free SSL button.
Select your preferred authority, hit the "Activate Free SSL" button & then wait for it.
(In this example, I've used the "Let's Encrypt" option. May look into "ZeroSSL" later...)
Step 2 : Download the cert
Download the cert via their API:
curl "https://api.cloudns.net/dns/freessl-get.xml?auth-id=AUTHID&auth-password=PASSWORD&domain-name=DOMAIN"
Step 3 : Make the cert useable
(This is where it's gonna get interesting...)
The certs are available as either an XML or a JSON payload...
Attempt #1: Manually extract the key & the fullchain cert set into separate files. Seems to work...
Attempt #2: Write a script or actual program to extract these...
Step 4 : put the cert into a useful place
Looking at the standard default-ssl.conf file for Apache, the reveals:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
So /etc/ssl/certs & /etc/ssl/private looks sensible to me & I've named the files ssl-DOMAIN.pem & ssl-DOMAIN.key because there's no snakeoil involved here.
(Also, that script or program above should be able to directly extract the files into those locations.)