* IN 3600 AAAA 2a0c:8187:0:201::196
</pre>
=== 2. Required Packages ===
* python3-certbot-dns-rfc2136
* openssl
* nginx
* dnsutils
* certbot
== Configuring SSL and Wildcard Subdomains ==
=== 1. Handling Environment Variables ===
We’ll first add three environment variables to capture essential information: DNS_AUTHENTICATION, CERTBOT_EMAIL, and ELEARNING_FQDN. These variables are defined using Debconf, which allows us to prompt for their values during installation and configuration.
'''DNS_AUTHENTICATION''': This string is required for Certbot’s DNS-based challenge verification. It consists of a key name, algorithm, and secret used for authentication, followed by the hostname of the authoritative DNS server.
This string is currently obtained from the signal domain API package by running the command:
<code>signaldomain-api key certbot create <domain_name></code>
The expected format is: <code>dns://<key_name>:<key_algorithm>~<key_secret_base64>@<authoritive_nameserver_domainname></code>
Example: <code>dns://staging-elearning_nl__certbot._keys.delftsolutions.signaldomain._internal.usersignal.nl.:hmac-sha256~<key_secret>@ns1.signaldomain.nl/staging-elearning_nl__certbot._keys.delftsolutions.signaldomain._internal.usersignal.nl.</code>
'''CERTBOT_EMAIL''': This email address is used when registering an account with Let’s Encrypt. Important notifications about certificate issues will be sent to this address.
'''ELEARNING_FQDN''': This is the fully qualified domain name (FQDN) of the primary domain for which wildcard SSL certificates will be issued. This guide uses <code>staging-elearning.nl</code> as the example.
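One way to turn a DNS_AUTHENTICATION string into a credentials file for the certbot-dns-rfc2136 plugin, as an added example that is not part of the original guide or its packaging scripts. The function names, the <code>DnsAuth</code> type, the sample secret, and the assumption that the caller passes the nameserver's resolved IP address are all constructed for illustration.

```python
import base64
import binascii
import os
from typing import NamedTuple

TSIG_ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
                   "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# Key name and nameserver from the page's example; the secret is constructed.
KEY = "staging-elearning_nl__certbot._keys.delftsolutions.signaldomain._internal.usersignal.nl."
SAMPLE = f"dns://{KEY}:hmac-sha256~Y29uc3RydWN0ZWQtc2VjcmV0@ns1.signaldomain.nl/{KEY}"

class DnsAuth(NamedTuple):
    key_name: str
    algorithm: str
    secret: str
    nameserver: str

def parse_dns_authentication(value: str) -> DnsAuth:
    """Split dns://<key_name>:<algorithm>~<secret_b64>@<nameserver>[/<path>]."""
    if not value.startswith("dns://"):
        raise ValueError("expected a dns:// string")
    # Base64 may contain '/', never '@': split on the last '@' before cutting the path.
    userinfo, _, hostpart = value[len("dns://"):].rpartition("@")
    key_name, _, rest = userinfo.partition(":")
    algorithm, _, secret = rest.partition("~")
    nameserver = hostpart.split("/", 1)[0]
    if not (key_name and algorithm and secret and nameserver):
        raise ValueError("malformed DNS_AUTHENTICATION string")
    if algorithm.lower() not in TSIG_ALGORITHMS:
        raise ValueError("unsupported TSIG algorithm")
    try:
        base64.b64decode(secret, validate=True)
    except binascii.Error:
        # Deliberately does not echo the value: it contains the key secret.
        raise ValueError("key secret is not valid base64") from None
    return DnsAuth(key_name, algorithm.lower(), secret, nameserver)

def render_credentials(auth: DnsAuth, server_ip: str) -> str:
    """INI text for certbot-dns-rfc2136; server_ip is the resolved nameserver (assumption)."""
    return (f"dns_rfc2136_server = {server_ip}\n"
            f"dns_rfc2136_name = {auth.key_name}\n"
            f"dns_rfc2136_secret = {auth.secret}\n"
            f"dns_rfc2136_algorithm = {auth.algorithm.upper()}\n")

def write_credentials(path: str, text: str) -> None:
    """Create the file owner-only (0600) so the TSIG secret is not world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)  # also tightens a pre-existing file
        fh.write(text)
```

The parser's error messages never include the input, so a malformed value logged during package configuration does not leak the key secret.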