Skip to content

Coool/dtc-getssl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

README.md

README.md

 
 

dtc-getssl

dtc-getssl

 
 

dtc-getssl-update

dtc-getssl-update

 
 

Repository files navigation

Let's Encrypt DTC

I've been hacking away at getting DTC set up to use Googles' Let's Encrypt.
Here's my work so far…
https://www.yournet.co.nz/getssl/
There are two files:
  • getssl – the getssl script that you get from the getssl site.
  • dtc-getssl

About dtc-getssl

This is a wrapper around getssl to do the stuff that DTC needs done to make it work.
To execute you:
  • Need to have the files in /home/dtc
  • Run ./dtc-getssl -a <ADMIN NAME> -d <DOMAIN NAME> -s <SUB DOMAIN> -c
    Where
    * ADMIN NAME is the DTC Admin name of the account that the domain is located in.
    * DOMAIN NAME is the domain name you want the cert for.
    * SUB DOMAIN is the subdomain of the domain you want the cert for.
    What we're doing is just creating the right stuff with the right permissions so it will all work in DTC.
    eg:  ./dtc-getssl -a deafblindassociation -d deafblindassociation.nz -s www -c
    getssl will create you a folder for the sub/domain combination in the .getssl folder.
    dtc-getssl wil then display a bunch of information that you need to copy into the getssl.cfg file.
  • Then edit the getssl.cfg file for the domaineg:  /home/dtc/.getssl/www.deafblindassociation.nz/getssl.cfg
    In the case of our example:
    #This tells getssl where to find the file it makes so that it can verify we actually own the domain.
    ACL=('/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/html/.well-known/acme-challenge')
    #This tells getsll to use the ACL above for all and any verification's even if we're getting a cert for more than one subdomain (which I don't think we should be).
    USE_SINGLE_ACL="true"
    #These lines just tell getssl where to put the files once it's made them.
    DOMAIN_CERT_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/www.deafblindassociation.nz.cert.cert"
    DOMAIN_KEY_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/www.deafblindassociation.nz.cert.key"
    CA_CERT_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/www.deafblindassociation.nz.cert.ca"
    You also need to make sure the production ssl server isn’t commented out and that the test one is.
    # The staging server is best for testing
    #CA="https://acme-staging.api.letsencrypt.org"
    # This server issues full certificates, however has rate limits
    CA="https://acme-v01.api.letsencrypt.org"
    Finally, comment out the SANS option unless you have reason for it.  You'll see in our example the getssl script seemed to think we want a subdomain included that we don't.
    #SANS="dtc.yournet.co.nz"
  • Now Run ./dtc-getssl -a <ADMIN NAME> -d <DOMAIN NAME> -s <SUB DOMAIN> without the -c option
    You should see getssl generate the keys for you.
    We need this wrapper because we're running the script with the correct user (dtc) so that we get the correct permissions on the file.
  • Restart apache2
    getssl does have the ability to restart the web server and we will need to do this in future, but this script is way to green to be letting it restart your production system without doing a bit of checking first!

About

DTC (https://en.wikipedia.org/wiki/Domain_Technologie_Control) getssl

blog.yournet.co.nz/2017/05/21/lets-encrypt-dtc/

Topics

letsencrypt ssh ssl certificate acme hosting remote control-panel ssl-certificate acme-server getssl domain-technologie-control web-hosting-control-panel

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages