-
Notifications
You must be signed in to change notification settings - Fork 0
/
generating-first-ssl-certificate.html
120 lines (99 loc) · 5 KB
/
generating-first-ssl-certificate.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<!DOCTYPE html>
<html lang="en">
<head>
<!-- ## for client-side less
<link rel="stylesheet/less" type="text/css" href="http://thierry.ducrest.net/theme/css/style.less">
<script src="http://cdnjs.cloudflare.com/ajax/libs/less.js/1.7.3/less.min.js" type="text/javascript"></script>
-->
<link rel="stylesheet" type="text/css" href="http://thierry.ducrest.net/theme/css/style.css">
<link rel="stylesheet" type="text/css" href="http://thierry.ducrest.net/theme/css/pygments.css">
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=PT+Sans|PT+Serif|PT+Mono">
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Thierry Ducrest">
<meta name="description" content="Posts and writings by Thierry Ducrest">
<link href="http://feeds.thierry.ducrest.net/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="Thierry Ducrest Atom" />
<meta name="keywords" content="Web">
<title>
Thierry Ducrest
– Generating my first ssl certificate with letsencrypt </title>
</head>
<body>
<aside>
<div id="user_meta">
<a href="http://thierry.ducrest.net">
<img src="http://localhost:8000/theme/images/empty.png" alt="logo">
</a>
<h2><a href="http://thierry.ducrest.net">Thierry Ducrest</a></h2>
<p>Hi, I am an analyst programer and web developer from Geneva Switzerland</p>
<ul>
<li><a href="http://thierry.ducrest.net/pages/about.html">About</a></li>
<li><a href="http://thierry.ducrest.net/pages/resume.html">Resume</a></li>
<li><a href="https://github.com/TDu" target="_blank">Github</a></li>
<li><a href="https://cl.linkedin.com/in/thierry-ducrest-928a394" target="_blank">LinkedIn</a></li>
</ul>
</div>
</aside>
<main>
<header>
<p>
<a href="http://thierry.ducrest.net">Index</a> ¦ <a href="http://thierry.ducrest.net/archives.html">Archives</a>
¦ <a href="http://feeds.thierry.ducrest.net/feeds/all.atom.xml">Atom</a>
</p>
</header>
<article>
<div class="article_title">
<h3><a href="http://thierry.ducrest.net/generating-first-ssl-certificate.html">Generating my first ssl certificate with letsencrypt</a></h3>
</div>
<div class="article_text">
<p>This is the path I followed to generate a ssl certificate for sterna.ch using letsencrypt </p>
<p>Sterna uses nginx as a webserver in a Docker container running Alpine linux.</p>
<p>The recommended client software to use is certbot, which is actually packaged by Alpine linux to install :
apk add --no-cache certbot</p>
<p>Certbot is used with "plugins" depending of the infrastructure targeted, unfortunately the nginx plugin is not ready yet, so using the webroot one.</p>
<p>I had some problem getting certbot to work from the docker container getting a PythonDialogBug on execution. On way to get over it was to prefix the command with TERM=xterm {certbot cmd}
Or to had the text and non-interactive instruction in the config file.</p>
<p>First test using the staging environement...
certbot certonly --staging --config certif.ini</p>
<p>Using a config file certif.ini :
# The configuration file for certbot to get the ssl certificate for Sterna</p>
<div class="highlight"><pre><span></span># Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = [email protected]
# Uncomment and update to generate certificates for the specified
# domains.
domains = www.sterna.ch
# Uncomment to use a text interface instead of ncurses
text = True
#The following and the one above fix the problem PythonDialogBug that I had with Docker
non-interactive = True
agree-tos = True
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
authenticator = webroot
webroot-path = /usr/html
# webroot-path = /usr/share/nginx/html
</pre></div>
<p>To test the ssl use : https://www.ssllabs.com/ssltest/ </p>
<p>To finally generate a real certificate </p>
<div class="highlight"><pre><span></span>certbot certonly --force-renewal --config certif.ini
</pre></div>
<p>Got the ssl working. Only low point is I have to use a fix ip address otherwise a request pass to the reverse-proxy of the jelastic app engine and it is it that terminate the ssl communication and the common ssl certificate is used.
See if the custom ssl for Docker will be available soon ?! And I am not even sure that would help with a custom domain.</p>
</div>
<div class="article_meta">
<p>Posted on: Thu 06 September 2012</p>
<p>Category: <a href="http://thierry.ducrest.net/category/misc.html">misc</a>
– Tags:
<a href="http://thierry.ducrest.net/tag/web.html">Web</a> </p>
</div>
</article>
<div id="ending_message">
<!--
<p>© Thierry Ducrest. Built using <a href="http://getpelican.com" target="_blank">Pelican</a>.</p>
-->
</div>
</main>
</body>
</html>