Setting Up Wildcard Subdomains with SSL on a Debian Application: Difference between revisions

m (No edit summary)
Line 171: Line 171:
fi
fi


[ ! -f "/etc/letsencrypt/live/<cert-name>/fullchain.pem" ] || certbot certonly --non-interactive --cert-name <cert-name> --dns-rfc2136 --dns-rfc2136-credentials etc/<DNS_CONF_DIR>/dns-auth.conf --domain "$FQDN" --domain "*.$FQDN" --deploy-hook /usr/share/<PKG_NAME>/bin/cert-deploy
[ ! -f "/etc/letsencrypt/live/<CERT_NAME>/fullchain.pem" ] || certbot certonly --non-interactive --cert-name <CERT_NAME> --dns-rfc2136 --dns-rfc2136-credentials etc/<DNS_CONF_DIR>/dns-auth.conf --domain "$FQDN" --domain "*.$FQDN" --deploy-hook /usr/share/<PKG_NAME>/bin/cert-deploy
</pre>
</pre>


This block registers Certbot, checks for an existing certificate, and if none exists, requests a new certificate using DNS authentication with the specified dns-auth.conf file. The --deploy-hook option calls the cert-deploy file after each certificate issuance or renewal. We will create the cert-deploy in a further step.
This block registers Certbot, checks for an existing certificate, and if none exists, requests a new certificate using DNS authentication with the specified dns-auth.conf file. The --deploy-hook option calls the cert-deploy file after each certificate issuance or renewal. We will create the cert-deploy in a further step.


In the case of our guide with the kaboom-api example, <code><cert-name></code> is <code>kaboom-elearning</code>, again it's up to you to select the right naming for your case.
In the case of our guide with the kaboom-api example, <code><CERT_NAME></code> is <code>kaboom-elearning</code>, again it's up to you to select the right naming for your case.


==== c. Generating Diffie-Hellman Parameters for SSL ====
==== c. Generating Diffie-Hellman Parameters for SSL ====
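Review bot: the existence test on the certbot line is inverted, so the command does the opposite of what the paragraph under it says: <code>[ ! -f "/etc/letsencrypt/live/<CERT_NAME>/fullchain.pem" ] || certbot ...</code> skips the request when no certificate exists and runs it only when one already does. The symlink guard later in this script uses the correct form (<code>[ -L ... ] || ln -s ...</code>), so this line should read <code>[ -f "/etc/letsencrypt/live/<CERT_NAME>/fullchain.pem" ] || certbot certonly ...</code>. Separately, <code>--dns-rfc2136-credentials etc/<DNS_CONF_DIR>/dns-auth.conf</code> is a relative path while every other path in the block is absolute, so it only resolves when the script is run from the intended directory; since that file holds the TSIG key that authorizes dynamic DNS updates, it deserves an absolute path and a sentence about keeping it readable only by the user running certbot. The rename to <code><CERT_NAME></code> itself is fine and matches the <code><PKG_NAME></code> and <code><DNS_CONF_DIR></code> placeholders.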
Line 193: Line 193:


<pre lang="bash">
<pre lang="bash">
cat >/etc/nginx/sites-available/<cert-name> <<CONF
cat >/etc/nginx/sites-available/<CERT_NAME> <<CONF
server {
server {
root /usr/share/<PKG_NAME>/public;
root /usr/share/<PKG_NAME>/public;
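Review bot: the heredoc delimiter in <code>cat >/etc/nginx/sites-available/<CERT_NAME> <<CONF</code> is unquoted, so the shell expands <code>$...</code> references in the body before nginx ever sees the file; any nginx variable such as <code>$host</code> or <code>$uri</code> in the full server block would be written out as an empty string. The lines shown here do not rely on shell expansion, so the delimiter should be <code><<'CONF'</code> (and the matching terminator left as <code>CONF</code>). The placeholder rename to <code><CERT_NAME></code> is consistent with <code><PKG_NAME></code> on the following line.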
Line 213: Line 213:
listen 443 ssl http2;
listen 443 ssl http2;


ssl_certificate /etc/letsencrypt/live/<cert-name>/fullchain.pem;
ssl_certificate /etc/letsencrypt/live/<CERT_NAME>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<cert-name>/privkey.pem;
ssl_certificate_key /etc/letsencrypt/live/<CERT_NAME>/privkey.pem;
ssl_dhparam etc/<DNS_CONF_DIR>/ssl-dhparams.pem;
ssl_dhparam etc/<DNS_CONF_DIR>/ssl-dhparams.pem;


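Review bot: <code>ssl_dhparam etc/<DNS_CONF_DIR>/ssl-dhparams.pem;</code> is a relative path, and nginx resolves relative paths against its prefix directory rather than the filesystem root, so this will not point at the same file the shell script refers to as <code>etc/<DNS_CONF_DIR></code>; the two <code>ssl_certificate</code> directives directly above it are absolute and this one should be as well (presumably under <code>/etc/</code>, matching the rest of the guide). Minor: <code>listen 443 ssl http2;</code> still works, but the <code>http2</code> listen parameter is deprecated since nginx 1.25.1 in favour of a separate <code>http2 on;</code> directive, which is worth a note for readers on newer Debian releases.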
Line 227: Line 227:
CONF
CONF


[ -L /etc/nginx/sites-enabled/<cert-name> ] || ln -s /etc/nginx/sites-available/<cert-name> /etc/nginx/sites-enabled
[ -L /etc/nginx/sites-enabled/<CERT_NAME> ] || ln -s /etc/nginx/sites-available/<CERT_NAME> /etc/nginx/sites-enabled


nginx -q -t && service nginx reload
nginx -q -t && service nginx reload
</pre>
</pre>
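Review bot: <code>nginx -q -t && service nginx reload</code> skips the reload when the config test fails but lets the script carry on as if it had succeeded; if this runs from a package postinst or the certbot deploy hook, a failed test should be fatal (<code>nginx -q -t || exit 1</code> before the reload, or the script run under <code>set -e</code>). The guard <code>[ -L /etc/nginx/sites-enabled/<CERT_NAME> ] || ln -s ...</code> is the correct idempotent form, but note that <code>-L</code> is also true for a dangling link, so a renamed site file would leave a stale symlink in place rather than recreating it.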