Few months ago I just started a website to publish my experiements and test my coding skills. I posted about it before here . For the very same website I needed to renew my Let's Encrypt certificates. While doing so, I delved into a side track which was a deadend so I decided to post about it for myself as a reminder also for someone who might use it.
I am publishing this under basics as it is a recurring process and an important part of the deployment. Later on I will post about how to automate the process. For now this is following certbot manual process with DNS Challange.
1I am going to use the DNS Challange method, and zone info is served by CloudFlare DNS. I am going to use certbot-dns-cloudflare plugin. For this purpose I need an API Key to allow certbot edit my DNS zone. Here are the steps for that:
2 Once the key is generated, you can test it with curl
And you will get a json similar to this one
3Put the token into cloudflare.ini file
4Run Certbot Container. The below command will mount your local folders inside container, so that your cloudflare.ini file will be accessible, and generated certificate will be also saved.
5Follow on screen prompts
6Find your certificates under /etc/letsencrypt/live/codeharmony.net/ folder.
7Add your certificates to Load Balancer or Certificate Service. Or whereever you manage your certificates.
8Edit your HTTPS listener to use new certificate, either loadbalancer or your http server.
9Inspect certificate using openssl.
References:
1.Certbot User Guide I followed the manual process.
No comments:
Post a Comment