Multiple subdomains with Let’s Encrypt

Prior to support for wildcards I found it necessary to explicitly list each domain on a certificate in the form … -d example.com -d www.example.com -d blog.example.com -d www.blog.example.com … (which due to complexities in the odd mix of redirected domains I’m using worked best with the --webroot authentication). Thanks to Trojan’s explanation and documentation …

Let’s Encrypt Kubernetes Ingress Controller issuing Fake Certificate

Maybe this would be helpful for someone experiencing similar issues. As for me, I forgot to specify the hostname in the Ingress yaml file for both the rules and tls sections. After duplicating the hostname, it started responding with a proper certificate. Example: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: test-web-ingress annotations: kubernetes.io/ingress.class: nginx spec: tls: - hosts: - my.host.com …

Let’s encrypt error certificate install error – “Client with the currently selected authenticator does not support any combination of challenges” [closed]

It is because Let’s Encrypt has currently disabled the TLS-SNI-01 challenge due to an identified security issue. An official workaround has been provided on the Let’s Encrypt community website, as follows: If you’re serving files for that domain out of a directory on that server, you can run the following command: sudo certbot --authenticator webroot …

How do I use Let’s Encrypt with GitLab?

By far the best solution I was able to find for now is described in this blog post. I won’t recite everything, but the key points are: use the webroot authenticator for Let’s Encrypt; create the folder /var/www/letsencrypt and use this directory as webroot-path for Let’s Encrypt; change the following config values in /etc/gitlab/gitlab.rb and …

Certbot Apache error “Name duplicates previous WSGI daemon definition.”

It turns out that if my Apache conf file 000-default.conf only declares <VirtualHost *:80>…</VirtualHost>, then Certbot duplicates it and creates a second Apache conf file called 000-default-le-ssl.conf to define <VirtualHost *:443>…</VirtualHost>. The Name duplicates previous WSGI daemon definition error appears because both Apache conf files have the same line defining WSGIDaemonProcess myprocess…. This appears to …

Letsencrypt certificate for www and non-www domain

You do not need to remove the installed certificate. You can extend it to your sub-domain if you’re using the same domain. Do the following: sudo certbot certonly --standalone -d example.com -d www.example.com When prompted for Expanding or Cancelling, reply with E then hit the Enter key on your keyboard. The certificate should be set up successfully. …

Let’s encrypt SSL couldn’t start by “Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'”

When you use sudo to issue the certificates, they will be owned by root. Since node is not run as root, and the permissions on the certificate folder do not allow them to be opened by anyone except the owner, your node app cannot see them. To understand the solution, let us assume node is …

How do I schedule the Let’s Encrypt certbot to automatically renew my certificate in cron?

I recently (April 2018) installed and ran certbot (version 0.22.2) on an Ubuntu 16.04 server, and a renewal cron job was created automatically in /etc/cron.d/certbot. Here’s the cron job that was created:

    # /etc/cron.d/certbot: crontab entries for the certbot package
    #
    # Upstream recommends attempting renewal twice a day
    #
    # Eventually, this will be …

How to set up Let’s Encrypt for a Go server application

This is the minimal automatic setup of an HTTPS server using Go and Let’s Encrypt certificates I have found:

    package main

    import (
        "crypto/tls"
        "log"
        "net/http"

        "golang.org/x/crypto/acme/autocert"
    )

    func main() {
        certManager := autocert.Manager{
            Prompt:     autocert.AcceptTOS,
            HostPolicy: autocert.HostWhitelist("example.com"), // Your domain here
            Cache:      autocert.DirCache("certs"),            // Folder for storing certificates
        }

        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
            w.Write([]byte("Hello …