Difference between revisions of "A Solution for Getting Proper Certs"

From Da Nerd Mage Wiki
Jump to navigation Jump to search
Line 5: Line 5:


= Caveats & other Notes =
= Caveats & other Notes =
The following '''certbot''' command lines are "manual" runs. Working on how best to make dns challenges work in "automatic"...
The following '''certbot''' command lines are "manual" runs. Working on how best to make dns challenges work in "automatic"...
Both of these techniques require that machines have SSH enabled for root...
Both of these techniques require that machines have SSH enabled for root...


Line 12: Line 12:
One possible (sort of...) answer would be to just install '''certbot''' under Proxmox since it defaults to having SSH enabled for root anyhow. This might be quite suitable for the Second Method.
One possible (sort of...) answer would be to just install '''certbot''' under Proxmox since it defaults to having SSH enabled for root anyhow. This might be quite suitable for the Second Method.


= First Method: Working from the '''machine with certbot''' installed on it =
= Obtaining Certs using DNS instead of http =
== First Method: Working from the '''machine with certbot''' installed on it ==
* <code>certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonly</code>
* <code>certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonly</code>
* <code>scp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsencrypt/live/</code>
* <code>scp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsencrypt/live/</code>
Line 19: Line 20:
* <code>scp -R /etc/letsencrypt/live/server3.tinkernet.ca/ server3:/etc/letsencrypt/live/</code>
* <code>scp -R /etc/letsencrypt/live/server3.tinkernet.ca/ server3:/etc/letsencrypt/live/</code>


= Second Method: Working from the '''machine being certified''' =
== Second Method: Working from the '''machine being certified''' ==
* <code>ssh <nowiki>root@certifier</nowiki> certbot -d server0.tinkernet.ca --manual --preferred-challenges dns certonly</code>
* <code>ssh <nowiki>root@certifier</nowiki> certbot -d server0.tinkernet.ca --manual --preferred-challenges dns certonly</code>
* <code>scp -R <nowiki>root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/</nowiki></code>
* <code>scp -R <nowiki>root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/</nowiki></code>

Revision as of 13:54, 29 June 2022

You will need certbot installed on a machine.

As of June 2022, it is again possible to simply install it on a Debian machine.

  • apt install certbot

Caveats & other Notes

The following certbot command lines are "manual" runs. Working on how best to make dns challenges work in "automatic"... Both of these techniques require that machines have SSH enabled for root...

Every command above is run as root. (could also be run using sudo)

One possible (sort of...) answer would be to just install certbot under Proxmox since it defaults to having SSH enabled for root anyhow. This might be quite suitable for the Second Method.

Obtaining Certs using DNS instead of http

First Method: Working from the machine with certbot installed on it

  • certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonly
  • scp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server1.tinkernet.ca/ server1:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server2.tinkernet.ca/ server2:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server3.tinkernet.ca/ server3:/etc/letsencrypt/live/

Second Method: Working from the machine being certified

  • ssh root@certifier certbot -d server0.tinkernet.ca --manual --preferred-challenges dns certonly
  • scp -R root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/