From d961a4c15d94aaf3139bac41355ea6bd7fe47eb4 Mon Sep 17 00:00:00 2001 From: "David T. Sadler" Date: Thu, 27 May 2021 22:19:56 +0100 Subject: New Post --- drafts/wildcard-certificates.gmi | 53 ---------------------- gemini/index.gmi | 2 + gemini/posts/index.gmi | 1 + .../index.gmi | 53 ++++++++++++++++++++++ gemini/posts/letsencrypt/index.gmi | 11 +++++ www/index.html | 2 +- www/posts/atom.xml | 11 ++++- www/posts/index.html | 2 +- .../index.html | 26 +++++++++++ www/posts/letsencrypt/atom.xml | 18 ++++++++ www/posts/letsencrypt/index.html | 25 ++++++++++ www/sitemap.xml | 4 ++ 12 files changed, 152 insertions(+), 56 deletions(-) delete mode 100644 drafts/wildcard-certificates.gmi create mode 100644 gemini/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.gmi create mode 100644 gemini/posts/letsencrypt/index.gmi create mode 100644 www/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html create mode 100644 www/posts/letsencrypt/atom.xml create mode 100644 www/posts/letsencrypt/index.html diff --git a/drafts/wildcard-certificates.gmi b/drafts/wildcard-certificates.gmi deleted file mode 100644 index d5c5dca..0000000 --- a/drafts/wildcard-certificates.gmi +++ /dev/null 
@@ -1,53 +0,0 @@ -# Wildcard Certificates with Let's Encrypt - -> Mon 24th May 2021 By David T. Sadler. - -Currently my little bit of the internet is davidtsadler.com. However I have a few ideas for some other projects that I would like to host under a subdomain. For example at some point I want to make my source code available at git.davidtsadler.com. I also want SSL on each of the sites. - -Since I'm self hosting my sites I can make use of Let's Encrypt to obtain the nessecary certificates. However I don't want the hassle of maintaing a seperate certificate for each site so I'm going with having a single wildcard certificate that will be valid for each subdomain. - -Obtaining a wildcard certificate can be done with the certbot command. - -```shell -$ sudo certbot certonly --manual --preferred-challenges=dns --email me@email.com --agree-tos -d "*.davidtsadler.com,davidtsadler.com" -``` - -* certonly This will obtain and save the certificate but will not install it. That is left to you. -* --manual Obtains certificates interactively. -* --preferred-challenges=dns Tells certbot that I will use the dns method to prove I own the domain name. -* --email Email address used for registration and recovery contact. -* --agree-tos Automatically agree to the terms of service. -* -d Comma seperataed list of domain names that the certificate should cover. - -There are a couple of things to note with the above command. For starters I had to specifiy both *.davidtsadler and davidtsadler.com as the domains. This is because if I did not include davidtsadler.com then only subdomains would be covered by the certificate. In other words *.davidtsadler means any subdomain under davidtsadler.com but not the domain davidtsadler.com itself. - -Secondaly, due to how my dns is been managed I could not have certbot automatically add the appropriate dns entries in order for it to validate the authenancy of the domain name. 
Instead certbot displayed the instructions needed to manually add two TXT records to my dns. Once I had done this certbot was happy that I owned the domain that the certificate would cover. - -Running the certbot command results in the certificates been saved in /etc/letsencrypt/live/davidtsadler.com/ - -After that all I need to do is ensure that Apache has SSL support enabled and then add the below settings to my vhost file which tells Apache where to find the certificates. - -``` -SSLCertificateFile /etc/letsencrypt/live/davidtsadler.com/fullchain.pem -SSLCertificateKeyFile /etc/letsencrypt/live/davidtsadler.com/privkey.pem -`` - -Now in future I can simply create the required vhost file for the new subdomain site and have it use the same certificate as the others. - -### Links - -=> https://davidtsadler.com davidtsadler.com - My little bit of the internet. - -=> /posts/letsencrypt/ Let's Encrypt - Read More Posts. - -I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. - -=> mailto:david@davidtsadler.com Email david@davidtsadler.com - -### License - -=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. - -Copyright © 2021 David T. Sadler. - -=> / Return to Homepage. diff --git a/gemini/index.gmi b/gemini/index.gmi index e3bf57e..cf562cf 100644 --- a/gemini/index.gmi +++ b/gemini/index.gmi 
@@ -4,6 +4,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab ## Latest Posts +=> /posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/ 2021-05-27 - Wildcard Certificates with Let's Encrypt => /posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/ 2021-02-15 - Accessing Nextcloud With WebDAV on Arch => /posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/ 2021-02-08 - How to Host Your Own Gemini Site in the Cloud => /posts/php/2021-01-18/installing-php-8-for-windows-10/ 2021-01-18 - Installing PHP 8 for Windows 10 @@ -31,6 +32,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab => /posts/gemini/ Gemini => /posts/jigsaw/ Jigsaw => /posts/laravel/ Laravel +=> /posts/letsencrypt/ Let's Encrypt => /posts/linux/ Linux => /posts/markdown/ Markdown => /posts/netlify/ Netlify diff --git a/gemini/posts/index.gmi b/gemini/posts/index.gmi index 635c3bd..6c7b683 100644 --- a/gemini/posts/index.gmi +++ b/gemini/posts/index.gmi @@ -1,5 +1,6 @@ # The Home of David T. Sadler - All Posts +=> /posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/ 2021-05-27 - Wildcard Certificates with Let's Encrypt => /posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/ 2021-02-15 - Accessing Nextcloud With WebDAV on Arch => /posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/ 2021-02-08 - How to Host Your Own Gemini Site in the Cloud => /posts/php/2021-01-18/installing-php-8-for-windows-10/ 2021-01-18 - Installing PHP 8 for Windows 10 diff --git a/gemini/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.gmi b/gemini/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.gmi new file mode 100644 index 0000000..91de552 --- /dev/null +++ b/gemini/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.gmi 
@@ -0,0 +1,53 @@ +# Wildcard Certificates with Let's Encrypt + +> Thu 27th May 2021 By David T. Sadler. + +Currently my little bit of the internet is davidtsadler.com. However I have a few ideas for some other projects that I would like to host under a subdomain. For example at some point I want to make my source code available at git.davidtsadler.com. I also want SSL on each of the sites. + +Since I'm self hosting my sites I can make use of Let's Encrypt to obtain the nessecary certificates. However I don't want the hassle of maintaing a seperate certificate for each site so I'm going with having a single wildcard certificate that will be valid for each subdomain. + +Obtaining a wildcard certificate can be done with the certbot command. + +```shell +$ sudo certbot certonly --manual --preferred-challenges=dns --email me@email.com --agree-tos -d "*.davidtsadler.com,davidtsadler.com" +``` + +* certonly This will obtain and save the certificate but will not install it. That is left to you. +* --manual Obtains certificates interactively. +* --preferred-challenges=dns Tells certbot that I will use the dns method to prove I own the domain name. +* --email Email address used for registration and recovery contact. +* --agree-tos Automatically agree to the terms of service. +* -d Comma seperataed list of domain names that the certificate should cover. + +There are a couple of things to note with the above command. For starters I had to specifiy both *.davidtsadler and davidtsadler.com as the domains. This is because if I did not include davidtsadler.com then only subdomains would be covered by the certificate. In other words *.davidtsadler means any subdomain under davidtsadler.com but not the domain davidtsadler.com itself. + +Secondaly, due to how my dns is been managed I could not have certbot automatically add the appropriate dns entries in order for it to validate the authenancy of the domain name. 
Instead certbot displayed the instructions needed to manually add two TXT records to my dns. Once I had done this certbot was happy that I owned the domain that the certificate would cover. + +Running the certbot command results in the certificates been saved in /etc/letsencrypt/live/davidtsadler.com/ + +After that all I need to do is ensure that Apache has SSL support enabled and then add the below settings to my vhost file which tells Apache where to find the certificates. + +``` +SSLCertificateFile /etc/letsencrypt/live/davidtsadler.com/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/davidtsadler.com/privkey.pem +``` + +Now in future I can simply create the required vhost file for the new subdomain site and have it use the same certificate as the others. + +### Links + +=> https://davidtsadler.com davidtsadler.com - My little bit of the internet. + +=> /posts/letsencrypt/ Let's Encrypt - Read More Posts. + +I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. + +=> mailto:david@davidtsadler.com Email david@davidtsadler.com + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/gemini/posts/letsencrypt/index.gmi b/gemini/posts/letsencrypt/index.gmi new file mode 100644 index 0000000..fe64dd0 --- /dev/null +++ b/gemini/posts/letsencrypt/index.gmi 
@@ -0,0 +1,11 @@ +# The Home of David T. Sadler - All Posts About Let's Encrypt + +=> /posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/ 2021-05-27 - Wildcard Certificates with Let's Encrypt + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/www/index.html b/www/index.html index 54d2548..19b0305 100644 --- a/www/index.html +++ b/www/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiJigsawLaravelLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

+

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiJigsawLaravelLet's EncryptLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

diff --git a/www/posts/atom.xml b/www/posts/atom.xml index d71271f..50c6ace 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml 
@@ -4,8 +4,17 @@ https://davidtsadler.com/posts/atom.xml - 2021-02-15T12:00:00Z + 2021-05-27T12:00:00Z + Wildcard Certificates with Let's Encrypt + https://davidtsadler.com/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html + + David T. Sadler. + 2021-05-27T12:00:00Z + 2021-05-27T12:00:00Z + <h1>Wildcard Certificates with Let's Encrypt</h1><blockquote>Thu 27th May 2021 By David T. Sadler.</blockquote><p>Currently my little bit of the internet is davidtsadler.com. However I have a few ideas for some other projects that I would like to host under a subdomain. For example at some point I want to make my source code available at git.davidtsadler.com. I also want SSL on each of the sites.</p><p>Since I'm self hosting my sites I can make use of Let's Encrypt to obtain the nessecary certificates. However I don't want the hassle of maintaing a seperate certificate for each site so I'm going with having a single wildcard certificate that will be valid for each subdomain.</p><p>Obtaining a wildcard certificate can be done with the certbot command.</p><pre><code class="shell">$ sudo certbot certonly --manual --preferred-challenges=dns --email me@email.com --agree-tos -d &quot;*.davidtsadler.com,davidtsadler.com&quot;</code></pre><ul><li>certonly This will obtain and save the certificate but will not install it. That is left to you.</li><li>--manual Obtains certificates interactively.</li><li>--preferred-challenges=dns Tells certbot that I will use the dns method to prove I own the domain name.</li><li>--email Email address used for registration and recovery contact.</li><li>--agree-tos Automatically agree to the terms of service.</li><li>-d Comma seperataed list of domain names that the certificate should cover.</li></ul><p>There are a couple of things to note with the above command. For starters I had to specifiy both *.davidtsadler and davidtsadler.com as the domains. 
This is because if I did not include davidtsadler.com then only subdomains would be covered by the certificate. In other words *.davidtsadler means any subdomain under davidtsadler.com but not the domain davidtsadler.com itself. </p><p>Secondaly, due to how my dns is been managed I could not have certbot automatically add the appropriate dns entries in order for it to validate the authenancy of the domain name. Instead certbot displayed the instructions needed to manually add two TXT records to my dns. Once I had done this certbot was happy that I owned the domain that the certificate would cover.</p><p>Running the certbot command results in the certificates been saved in /etc/letsencrypt/live/davidtsadler.com/</p><p>After that all I need to do is ensure that Apache has SSL support enabled and then add the below settings to my vhost file which tells Apache where to find the certificates.</p><pre>SSLCertificateFile /etc/letsencrypt/live/davidtsadler.com/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/davidtsadler.com/privkey.pem</pre><p>Now in future I can simply create the required vhost file for the new subdomain site and have it use the same certificate as the others.</p><h3>Links</h3><a href="https://davidtsadler.com">davidtsadler.com - My little bit of the internet.</a><a href="/posts/letsencrypt/">Let's Encrypt - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + Accessing Nextcloud With WebDAV on Arch https://davidtsadler.com/posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/index.html 
diff --git a/www/posts/index.html b/www/posts/index.html index f3718ae..1183586 100644 --- a/www/posts/index.html +++ b/www/posts/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler - All Posts

2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+

The Home of David T. Sadler - All Posts

2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
diff --git a/www/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html b/www/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html new file mode 100644 index 0000000..8228b70 --- /dev/null +++ b/www/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html @@ -0,0 +1,26 @@ + + + + + + Wildcard Certificates with Let's Encrypt + + + + + + + + + + + + + + +

Wildcard Certificates with Let's Encrypt

Thu 27th May 2021 By David T. Sadler.

Currently my little bit of the internet is davidtsadler.com. However I have a few ideas for some other projects that I would like to host under a subdomain. For example at some point I want to make my source code available at git.davidtsadler.com. I also want SSL on each of the sites.

Since I'm self hosting my sites I can make use of Let's Encrypt to obtain the nessecary certificates. However I don't want the hassle of maintaing a seperate certificate for each site so I'm going with having a single wildcard certificate that will be valid for each subdomain.

Obtaining a wildcard certificate can be done with the certbot command.

$ sudo certbot certonly --manual --preferred-challenges=dns --email me@email.com --agree-tos -d "*.davidtsadler.com,davidtsadler.com"
  • certonly This will obtain and save the certificate but will not install it. That is left to you.
  • --manual Obtains certificates interactively.
  • --preferred-challenges=dns Tells certbot that I will use the dns method to prove I own the domain name.
  • --email Email address used for registration and recovery contact.
  • --agree-tos Automatically agree to the terms of service.
  • -d Comma seperataed list of domain names that the certificate should cover.

There are a couple of things to note with the above command. For starters I had to specifiy both *.davidtsadler and davidtsadler.com as the domains. This is because if I did not include davidtsadler.com then only subdomains would be covered by the certificate. In other words *.davidtsadler means any subdomain under davidtsadler.com but not the domain davidtsadler.com itself.

Secondaly, due to how my dns is been managed I could not have certbot automatically add the appropriate dns entries in order for it to validate the authenancy of the domain name. Instead certbot displayed the instructions needed to manually add two TXT records to my dns. Once I had done this certbot was happy that I owned the domain that the certificate would cover.

Running the certbot command results in the certificates been saved in /etc/letsencrypt/live/davidtsadler.com/

After that all I need to do is ensure that Apache has SSL support enabled and then add the below settings to my vhost file which tells Apache where to find the certificates.

SSLCertificateFile /etc/letsencrypt/live/davidtsadler.com/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/davidtsadler.com/privkey.pem

Now in future I can simply create the required vhost file for the new subdomain site and have it use the same certificate as the others.

Links

davidtsadler.com - My little bit of the internet.Let's Encrypt - Read More Posts.

I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.

Email david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+ + + + diff --git a/www/posts/letsencrypt/atom.xml b/www/posts/letsencrypt/atom.xml new file mode 100644 index 0000000..5b6319e --- /dev/null +++ b/www/posts/letsencrypt/atom.xml 
@@ -0,0 +1,18 @@ + + + The Home of David T. Sadler - All Posts About Let's Encrypt + https://davidtsadler.com/posts/letsencrypt/atom.xml + + + 2021-05-27T12:00:00Z + + Wildcard Certificates with Let's Encrypt + https://davidtsadler.com/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html + + David T. Sadler. + 2021-05-27T12:00:00Z + 2021-05-27T12:00:00Z + <h1>Wildcard Certificates with Let's Encrypt</h1><blockquote>Thu 27th May 2021 By David T. Sadler.</blockquote><p>Currently my little bit of the internet is davidtsadler.com. However I have a few ideas for some other projects that I would like to host under a subdomain. For example at some point I want to make my source code available at git.davidtsadler.com. I also want SSL on each of the sites.</p><p>Since I'm self hosting my sites I can make use of Let's Encrypt to obtain the nessecary certificates. However I don't want the hassle of maintaing a seperate certificate for each site so I'm going with having a single wildcard certificate that will be valid for each subdomain.</p><p>Obtaining a wildcard certificate can be done with the certbot command.</p><pre><code class="shell">$ sudo certbot certonly --manual --preferred-challenges=dns --email me@email.com --agree-tos -d &quot;*.davidtsadler.com,davidtsadler.com&quot;</code></pre><ul><li>certonly This will obtain and save the certificate but will not install it. That is left to you.</li><li>--manual Obtains certificates interactively.</li><li>--preferred-challenges=dns Tells certbot that I will use the dns method to prove I own the domain name.</li><li>--email Email address used for registration and recovery contact.</li><li>--agree-tos Automatically agree to the terms of service.</li><li>-d Comma seperataed list of domain names that the certificate should cover.</li></ul><p>There are a couple of things to note with the above command. For starters I had to specifiy both *.davidtsadler and davidtsadler.com as the domains. 
This is because if I did not include davidtsadler.com then only subdomains would be covered by the certificate. In other words *.davidtsadler means any subdomain under davidtsadler.com but not the domain davidtsadler.com itself. </p><p>Secondaly, due to how my dns is been managed I could not have certbot automatically add the appropriate dns entries in order for it to validate the authenancy of the domain name. Instead certbot displayed the instructions needed to manually add two TXT records to my dns. Once I had done this certbot was happy that I owned the domain that the certificate would cover.</p><p>Running the certbot command results in the certificates been saved in /etc/letsencrypt/live/davidtsadler.com/</p><p>After that all I need to do is ensure that Apache has SSL support enabled and then add the below settings to my vhost file which tells Apache where to find the certificates.</p><pre>SSLCertificateFile /etc/letsencrypt/live/davidtsadler.com/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/davidtsadler.com/privkey.pem</pre><p>Now in future I can simply create the required vhost file for the new subdomain site and have it use the same certificate as the others.</p><h3>Links</h3><a href="https://davidtsadler.com">davidtsadler.com - My little bit of the internet.</a><a href="/posts/letsencrypt/">Let's Encrypt - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + + \ No newline at end of file diff --git a/www/posts/letsencrypt/index.html b/www/posts/letsencrypt/index.html new file mode 100644 index 0000000..6b8e7f3 
--- /dev/null +++ b/www/posts/letsencrypt/index.html @@ -0,0 +1,25 @@ + + + + + + The Home of David T. Sadler - All Posts About Let's Encrypt + + + + + + + + + + + + + + +

The Home of David T. Sadler - All Posts About Let's Encrypt

2021-05-27 - Wildcard Certificates with Let's Encrypt

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+ + + + diff --git a/www/sitemap.xml b/www/sitemap.xml index 858dd4f..a1c5af2 100644 --- a/www/sitemap.xml +++ b/www/sitemap.xml @@ -1,6 +1,10 @@ + https://davidtsadler.com/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html + 2021-05-27T12:00:00Z + never + https://davidtsadler.com/posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/index.html 2021-02-15T12:00:00Z never -- cgit v1.2.3-13-gbd6f
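Review bot: In gemini/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.gmi, the paragraph after the flag list writes the wildcard name as `*.davidtsadler` twice ("both *.davidtsadler and davidtsadler.com", "*.davidtsadler means any subdomain"), while the certbot command above it uses `*.davidtsadler.com`; add the missing `.com` so the text matches the command. The same paragraph says the wildcard covers "any subdomain", but a wildcard matches a single label only, so it is worth stating that a deeper name such as a.b.davidtsadler.com would not be covered. The new file also carries over the draft's spelling slips (nessecary, maintaing, seperate, seperataed, specifiy, Secondaly, authenancy); fixing them in this source before regenerating avoids repeating them in the HTML page and both Atom feeds.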
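Review bot: In the entry added to www/posts/atom.xml, the content body ends with the site's page chrome and uses root-relative links (`<a href="/posts/letsencrypt/">`, `<a href="/">Return to Homepage.</a>`), which only resolve reliably on the site itself, since feed readers differ in how they handle relative links inside entry content. Emit absolute https://davidtsadler.com/ URLs in the feed, or leave the Links, License and Return to Homepage blocks out of the entry body.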
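Review bot: The generated page www/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/index.html ends the procedure at "Now in future I can simply create the required vhost file" and never mentions renewal, which matters here because the certificate was issued with `--manual` and hand-added TXT records. Let's Encrypt certificates are short-lived, and a `--manual` certificate cannot be renewed unattended unless an authentication hook is supplied, so add a sentence on how renewal will be handled. It is also worth noting that the single privkey.pem referenced by `SSLCertificateKeyFile` now protects every subdomain that reuses the certificate. Make the change in the .gmi source so the generated copies pick it up.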
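Review bot: The new www/posts/letsencrypt/atom.xml ends with "\ No newline at end of file"; have the generator write a trailing newline so that later additions to this feed do not show a spurious change on its last line.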