A Solution for Getting Proper Certs

From Da Nerd Mage Wiki
Revision as of 13:28, 29 June 2022 by Tinker (talk | contribs) (Created page with "You will need certbot installed on a machine. As of June 2022, it is again possible to simply install it on a Debian machine. * <code>apt install certbot</code> = First Method: Working from the '''machine with certbot''' installed on it = * <code>certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonly</code> * <code>scp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsenc...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

You will need certbot installed on a machine.

As of June 2022, it is again possible to simply install it on a Debian machine.

  • apt install certbot

First Method: Working from the machine with certbot installed on it

  • certbot -d server0.tinkernet.ca,server1.tinkernet.ca,server2.tinkernet.ca,server3.tinkernet.ca --manual --preferred-challenges dns certonly
  • scp -R /etc/letsencrypt/live/server0.tinkernet.ca/ server0:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server1.tinkernet.ca/ server1:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server2.tinkernet.ca/ server2:/etc/letsencrypt/live/
  • scp -R /etc/letsencrypt/live/server3.tinkernet.ca/ server3:/etc/letsencrypt/live/

Second Method: Working from the machine being certified

  • ssh root@certifier certbot -d server0.tinkernet.ca
  • scp -R root@certifier:/etc/letsencrypt/live/server0.tinkernet.ca//etc/letsencrypt/live/

Caveats & other Notes

Both of these techniques require that machines have SSH enabled for root...

Every command above is run as root. (could also be run using sudo)

Retrieved from ‘https://wiki.nerdmage.ca/index.php?title=A_Solution_for_Getting_Proper_Certs&oldid=1189