I'm trying to define an ACME account ID 1234567 within the Caddy webserver to validate Let's Encrypt certificates.
The documentation is pretty elaborate on tls automation and ACME options, but I couldn't find any way to implement an account ID.
Does anyone have any experience with this?
Thus far I have searched through the following documentation and tried to implement it by changing the ACME URL to the one that certbot uses, but unfortunately without success:
https://caddyserver.com/docs/json/apps/tls/automation/policies/management/acme/
https://caddyserver.com/v1/docs/tls
I also tried following the Let's Encrypt and certbot docs, but as I understand it, the account ID is different from the CA URL.
ACME options are stored within $CADDYPATH/acme, not with the Caddy config itself.
The Let's Encrypt account ID can be edited in the following JSON file: $CADDYPATH/acme/acme-v02.api.letsencrypt.org/users/default/default.json
Hope this can help anyone else ;)
Related
Working with a multi tenancy solution where users are to be allowed to set their custom domains - the solution works just fine. However, looking for suggestions on how to get the SSL installed on those custom domains and set them in Nginx so they are served via https route.
In theory, as soon as the user adds a custom domain from the backend, the SSL certificate is to be installed once the A record / CNAME is verified to be pointing correctly. We will be getting Let's Encrypt SSL certificates and need an approach for handling the Nginx config to provide the SSL key so it can be served.
If anyone has produced a similar solution and can shed light on how to approach this, that will be great.
Thanks in advance.
You can solve it by manually issuing certificates using Let's Encrypt and then adding a new NGINX config file for serving the new domain.
Or you can just switch from NGINX to Caddy and it will automatically do it for you! Also you could specify in your application route file a route for a domain whitelist check to prevent unauthenticated domain issues
I would like to create a Let's Encrypt certificate,
but I keep getting the error shown in the image.
Can someone help me to give any idea for this?
Thank you.
As it is mentioned in a provided screenshot, the temporary token file, which Let's Encrypt is using to verify the domain name ownership, should be reachable from the net.
In this case, the request from the Let's Encrypt servers to this temporary file fails because the A record for the domain cannot be found.
In other words, it is not possible to get Let's Encrypt certificate while DNS is not properly configured.
Here is a more detailed explanation of the authorization procedure: https://letsencrypt.org/how-it-works/
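The answer above boils down to two checks the CA's validator performs before it will issue: the hostname must resolve, and the challenge file must be fetchable over plain HTTP from the public internet. The following pre-flight script is an added example (not part of the original answer, and not a Let's Encrypt or certbot tool) that runs the same two checks from your own machine so the DNS problem is caught before a failed issuance; the `token` and `expected_body` values are whatever your ACME client placed under `.well-known/acme-challenge/`, and the `resolve`/`fetch` parameters exist only so the logic can be exercised offline.

```python
import socket
import urllib.error
import urllib.request


def resolve_a(domain):
    """Return the IPv4 addresses the system resolver returns for domain, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fetch_challenge(domain, token, timeout=10):
    """GET the HTTP-01 challenge URL; return (status, body), or (None, error text) if unreachable."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except (urllib.error.URLError, OSError) as e:
        return None, str(e)


def preflight(domain, token, expected_body, resolve=resolve_a, fetch=fetch_challenge):
    """Mimic the CA's HTTP-01 validation steps; return a list of findings (empty means ready to issue)."""
    findings = []
    addrs = resolve(domain)
    if not addrs:
        # This is the failure from the question: no A record, so the CA has nothing to connect to.
        findings.append(f"no A record for {domain}: Let's Encrypt cannot reach the challenge file")
        return findings
    status, body = fetch(domain, token)
    if status is None:
        findings.append(f"challenge URL unreachable from the public net: {body}")
    elif status != 200:
        findings.append(f"challenge URL returned HTTP {status}, expected 200")
    elif body.strip() != expected_body:
        # The CA compares the body with the key authorization, not just a 200 status.
        findings.append("challenge file served but its content does not match the key authorization")
    return findings
```

Run it from a host outside your own network, since a resolver or firewall rule that only works internally is exactly what hides this class of failure.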
We need to have some modules, for example: admin, app API, website.
So, the website URL is https://company-name.com. For the modules we want https://admin.company-name.com and https://api.company-name.com.
How can we make the subdomains secure (https)? Should we use the same certificate as for the website, or should they get separate new certificates? What issues could we have if we use the same certificate?
You need a certificate which includes all your domains and subdomains in the SAN (Subject Alternative Name) field of your certificate. The simplest way is to use Let's Encrypt, which generates it for free.
Then you include this certificate on both virtual hosts.
You can use certbot to get an https certificate:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
Just add all domains while executing, so your certificate will remain valid on all the mentioned sub-domains:
certbot --apache -d example.com -d admin.example.com -d api.example.com
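Whether a single certificate is safe to share between the virtual hosts comes down to whether every hostname is matched by one of its SAN entries. The helper below is an added example (not from the answers above) that applies the dNSName matching rules to a list of SAN entries; it also covers the wildcard case the answer does not mention, where `*` matches exactly one label, so `*.company-name.com` would cover `admin.` and `api.` but not the bare `company-name.com`.

```python
def san_covers(san, host):
    """Return True if the dNSName SAN entry `san` matches `host` (exact, or single-label wildcard)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        # The wildcard stands for exactly one leftmost label: it never matches the apex
        # and never spans more than one label (so a.b.example.com is not covered).
        host_labels = host.split(".")
        return (
            len(host_labels) >= 2
            and host_labels[0] != ""
            and ".".join(host_labels[1:]) == san[2:]
        )
    return False


def uncovered_hosts(sans, hosts):
    """Return the hostnames in `hosts` that no SAN entry of the certificate would match."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


if __name__ == "__main__":
    # Constructed input mirroring the question: one cert reused for the site and both modules.
    needed = ["company-name.com", "admin.company-name.com", "api.company-name.com"]
    print(uncovered_hosts(["company-name.com"], needed))           # the website-only cert fails for both modules
    print(uncovered_hosts(["company-name.com", "*.company-name.com"], needed))  # apex plus wildcard covers all three
```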
I provisioned a server using Forge and set the domain to blog.example.com. I generated a Let's Encrypt certificate for that server and set the site to run on HTTP/2. It was perfectly fine.
However, I need to make the server accessible via www.blog.example.com now. So I set a CNAME record to route www.blog to blog.example.com. But I got the error "This site can't provide a secure connection" when I tried to access the site via www.blog.example.com. So I tried to generate a new certificate for www.blog.example.com, but Forge replied "First domain does not match root domain on site".
How can I solve the problem?
Thank you.
I have been using OpenShift for quite some time. Since Let's Encrypt is in beta, I thought I'd give it a try.
My current setup:
www.digrin.com is an alias to my openshift url - digrin-digrincom.rhcloud.com
digrin.com A tag points to wwwizer redirect service 174.129.25.170.
I have uploaded ssl certificates to openshift. It works fine on domain www.digrin.com. However since naked domain digrin.com points to wwwizer.com, it does not use https. I believe it is a problem. I want both domains (naked as well as www variant) to use https. Is it possible? I know wwwizer has some premium plan where it might be possible, but I would like a free version if possible.
In case you don't know: I cannot set a CNAME for the naked domain, so I had to use an A tag pointing to wwwizer, because OpenShift might change the IP address.
Useful link:
How to use naked GoDaddy domain with OpenShift hosting?
If you are looking for a free (1 domain) service that redirects naked domains with valid SSL certificates: I moved from wwwizer to nakedssl to redirect to an OpenShift server and it works fine.
Well, first of all I had to generate an SSL certificate for the naked domain, digrin.com. I temporarily set the A tag for digrin.com to OpenShift's IP and generated the SSL certificate.
Now we have a working certificate, but since the A tag for digrin.com cannot be set permanently, the domain registrant must support naked domain redirects. You can read more on this here -> if your registrant does not support it, move to CloudFront (I will test CloudFront if my registrant does not add this feature within a few months, and will update this answer).