Skip to content

Instantly share code, notes, and snippets.

@chaitanyakommoju

chaitanyakommoju/readme.md

Forked from sohlich/readme.md
Created November 20, 2022 19:33
Show Gist options
  • Save chaitanyakommoju/65c30b955dbf71f81392126405baff2f to your computer and use it in GitHub Desktop.
Save chaitanyakommoju/65c30b955dbf71f81392126405baff2f to your computer and use it in GitHub Desktop.
Download ZIP
Let's encrypt - generate SSL certificate manually via Cerbot DNS Challenge
Raw
readme.md

Install Certbot

OSX

$ brew install certbot

Linux

Add Certbot PPA to APT repository list

$ apt-get update
$ apt-get install software-properties-common
$ add-apt-repository universe
$ add-apt-repository ppa:certbot/certbot
$ apt-get update

Install Certbot

$ apt-get install certbot python-certbot-apache

Generate SSL certificate

1. Run Certbot

$ certbot certonly \
    --manual \ # Run in manual mode
    --agree-tos \ # Aggree with Terms and Conditions
    --manual-public-ip-logging-ok \ # Agree with public ip logging
    --preferred-challenges dns-01 \ # Set preferred challenges
    --rsa-key-size 4096 \ # Set private key size
    -d $DOMAIN # Domain - can be used multiple times for a set of domains

2. Verify domain via DNS TXT record

You will be asked to create DNS TXT record for given domain on _acme-challenge.domain.tld.

Verification of DNS TXT record value

$ host -t txt $DOMAIN

Once TXT record is returning required hash value, certificate generation process should proceed.

This step might be repetable for each domain which you want to have associated with certificate.

3. Get generated private key and fullchain certificate file

Once previous step is successfully finished cerfitificates can be found as /etc/letsencrypt/live/$DOMAIN/fullchain.pem and /etc/letsencrypt/live/$DOMAIN/privatekey.pem files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment