Setting Up Wildcard Subdomains with SSL on a Debian Application: Difference between revisions

Line 132: Line 132:
dns_host_aaaa="$(dig +short AAAA "$dns_hostname" | head -n1)"
dns_host_aaaa="$(dig +short AAAA "$dns_hostname" | head -n1)"


[ -d etc/<dns-conf-dir> ] || mkdir -p etc/<dns-conf-dir>
[ -d etc/<DNS_CONF_DIR> ] || mkdir -p etc/<DNS_CONF_DIR>


umask 266
umask 266
cat > etc/<dns-conf-dir>/dns-auth.conf <<CONF
cat > etc/<DNS_CONF_DIR>/dns-auth.conf <<CONF
# Managed by apt, please use dpkg-reconfigure <PKG_NAME> to modify
# Managed by apt, please use dpkg-reconfigure <PKG_NAME> to modify
dns_rfc2136_server = $dns_host_aaaa
dns_rfc2136_server = $dns_host_aaaa
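Review bot: the `umask 266` before `cat > etc/<DNS_CONF_DIR>/dns-auth.conf <<CONF` is the only thing keeping the TSIG secret in that file private (a file created under that umask comes out mode 0400), but the hunk does not say so and the umask stays in effect for every later command in the script; add a comment stating the intent and either restore the previous umask afterwards or set the mode explicitly on the file (for example `chmod 0400` after the heredoc). Also, `dns_host_aaaa="$(dig +short AAAA "$dns_hostname" | head -n1)"` is empty when the host has no AAAA record, which leaves `dns_rfc2136_server =` blank in the generated file; check for an empty result before writing the config.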
Line 147: Line 147:


This configuration file will be used by Certbot to authenticate and verify domain ownership via DNS challenges.
This configuration file will be used by Certbot to authenticate and verify domain ownership via DNS challenges.
In the case of our guide with the kaboom-api example, <code><dns-conf-dir></code> is <code>kaboom</code>, it's up to you to select the right naming for your case.
In the case of our guide with the kaboom-api example, <code><DNS_CONF_DIR></code> is <code>kaboom</code>, it's up to you to select the right naming for your case.


Once the script has been executed The <code>dns-auth.conf</code> file should look something like this:
Once the script has been executed The <code>dns-auth.conf</code> file should look something like this:
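Review bot: style: in "Once the script has been executed The <code>dns-auth.conf</code> file should look something like this:", "The" should be lowercase and a comma belongs after "executed"; the preceding sentence ("... is <code>kaboom</code>, it's up to you to select ...") is a comma splice and reads better split into two sentences or joined with "but".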
Line 171: Line 171:
fi
fi


[ ! -f "/etc/letsencrypt/live/<cert-name>/fullchain.pem" ] || certbot certonly --non-interactive --cert-name <cert-name> --dns-rfc2136 --dns-rfc2136-credentials etc/<dns-conf-dir>/dns-auth.conf --domain "$FQDN" --domain "*.$FQDN" --deploy-hook /usr/share/<PKG_NAME>/bin/cert-deploy
[ ! -f "/etc/letsencrypt/live/<cert-name>/fullchain.pem" ] || certbot certonly --non-interactive --cert-name <cert-name> --dns-rfc2136 --dns-rfc2136-credentials etc/<DNS_CONF_DIR>/dns-auth.conf --domain "$FQDN" --domain "*.$FQDN" --deploy-hook /usr/share/<PKG_NAME>/bin/cert-deploy
</pre>
</pre>
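Review bot: the guard on the certbot line is inverted: `[ ! -f "/etc/letsencrypt/live/<cert-name>/fullchain.pem" ] || certbot certonly ...` runs certbot only when the certificate already exists and skips it when it is missing, the opposite of the `[ -f ... ] || ...` create-if-absent pattern this same change uses for `ssl-dhparams.pem`. If the intent is to request the certificate once on first install, drop the `!`; if the intent is to run certbot on every configure, drop the test altogether.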


Line 183: Line 183:


<pre lang="bash">
<pre lang="bash">
[ -f "etc/<dns-conf-dir>/ssl-dhparams.pem" ] || openssl dhparam -out etc/<dns-conf-dir>/ssl-dhparams.pem 2048
[ -f "etc/<DNS_CONF_DIR>/ssl-dhparams.pem" ] || openssl dhparam -out etc/<DNS_CONF_DIR>/ssl-dhparams.pem 2048
</pre>
</pre>
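Review bot: `openssl dhparam -out etc/<DNS_CONF_DIR>/ssl-dhparams.pem 2048` generates fresh parameters on the target at configure time, which can take several minutes and blocks the install with no feedback; either document the delay in the guide or ship the published RFC 7919 `ffdhe2048` group as a static file so the step is instant and reproducible. The `[ -f ... ] ||` guard itself is correct here.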


Line 215: Line 215:
ssl_certificate /etc/letsencrypt/live/<cert-name>/fullchain.pem;
ssl_certificate /etc/letsencrypt/live/<cert-name>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<cert-name>/privkey.pem;
ssl_certificate_key /etc/letsencrypt/live/<cert-name>/privkey.pem;
ssl_dhparam etc/<dns-conf-dir>/ssl-dhparams.pem;
ssl_dhparam etc/<DNS_CONF_DIR>/ssl-dhparams.pem;


ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_cache shared:le_nginx_SSL:10m;
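Review bot: `ssl_dhparam etc/<DNS_CONF_DIR>/ssl-dhparams.pem;` uses a relative path, but nginx resolves relative paths in its configuration against its compile-time prefix, not against the directory the install script wrote to; the two lines above use absolute `/etc/letsencrypt/...` paths, so make this one absolute as well (`/etc/<DNS_CONF_DIR>/ssl-dhparams.pem`, assuming the script's `etc/` ends up under `/etc`).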