Certbot: Difference between revisions

(2 intermediate revisions by the same user not shown)

Line 4:

}}

{{#set:feature title = {{PAGENAME}} }}

{{#set:feature description = Certbot, from the Let's Encrypt project of the EFF, provides free and automated SSL certificates ~~for QualityBox~~. }}

{{#set:feature description = Certbot, from the Let's Encrypt project of the EFF, provides free and automated SSL certificates. }}

{{#set:feature notes = For non-public sites, we can still generate certificates using DNS }}

{{#set:feature tests = [https://www.ssllabs.com/ssltest/analyze.html?d={{SERVERNAME}} Test on SSL Labs.com] }}

Line 14:

|type = content

|text =

I recently added Certbot automation to [https://~~mediawiki~~.~~org~~/~~wiki~~/~~Meza Meza~~], so you can have automatic TLS certificates with your [[MediaWiki]] platform.

I recently added Certbot automation to the freephile Meza fork ([https://github.com/freephile/meza/blob/qb/src/roles/ansible-role-certbot-meza/README.md README]), so you can have automatic TLS certificates with your [[MediaWiki]] platform.

[[User:Admin|freephile]] ([[User talk:Admin|talk]]) 17:05, 16 December 2024 (EST)

Line 83:

; How do I see more info about my certificates?

: You can view the 'Security' pane in Chrome Developer Tools, but for quicker access from the command-line, use '''openssl'''

: <~~source~~ lang="bash">sudo openssl x509 -in /etc/haproxy/certs/demo.qualitybox.us.pem -text</~~source~~>

: <syntaxhighlight lang="bash">sudo openssl x509 -in /etc/haproxy/certs/demo.qualitybox.us.pem -text</syntaxhighlight>

: Using <code>keytool</code> you can also quickly inspect the certificate of a host:

: <~~source~~ lang="bash">sudo keytool -printcert -sslserver equality-tech.com</~~source~~>

: <syntaxhighlight lang="bash">sudo keytool -printcert -sslserver equality-tech.com</syntaxhighlight>

; How do I expand a cert to include some sub-domains? ~~(wildcard certs are not supported)~~:

; How do I expand a cert to include some sub-domains?

: Use the <code>--expand</code> option to put multiple domains in the same cert.

: sudo /opt/certbot/certbot certonly --cert-name example.org --expand -d example.org,www.example.org,wiki.example.org,example.com,www.example.com,wiki.example.com

; How do I create a wildcard certificate with LetsEncrypt?

: See https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284

; How do I cleanup my old/test certificates?:

@@ Line 4: / Line 4: @@
 }}
 {{#set:feature title = {{PAGENAME}} }}
-{{#set:feature description = Certbot, from the Let's Encrypt project of the EFF, provides free and automated SSL certificates for QualityBox. }}
+{{#set:feature description = Certbot, from the Let's Encrypt project of the EFF, provides free and automated SSL certificates. }}
 {{#set:feature notes = For non-public sites, we can still generate certificates using DNS }}
 {{#set:feature tests =  [https://www.ssllabs.com/ssltest/analyze.html?d={{SERVERNAME}} Test on SSL Labs.com] }}
@@ Line 14: / Line 14: @@
 |type = content
 |text =
-I recently added Certbot automation to [https://mediawiki.org/wiki/Meza Meza], so you can have automatic TLS certificates with your [[MediaWiki]] platform.
+I recently added Certbot automation to the freephile Meza fork ([https://github.com/freephile/meza/blob/qb/src/roles/ansible-role-certbot-meza/README.md README]), so you can have automatic TLS certificates with your [[MediaWiki]] platform.
 [[User:Admin|freephile]] ([[User talk:Admin|talk]]) 17:05, 16 December 2024 (EST)
@@ Line 83: / Line 83: @@
 ; How do I see more info about my certificates?
 : You can view the 'Security' pane in Chrome Developer Tools, but for quicker access from the command-line, use '''openssl'''
-: <source lang="bash">sudo openssl x509 -in /etc/haproxy/certs/demo.qualitybox.us.pem -text</source>
+: <syntaxhighlight lang="bash">sudo openssl x509 -in /etc/haproxy/certs/demo.qualitybox.us.pem -text</syntaxhighlight>
 : Using <code>keytool</code> you can also quickly inspect the certificate of a host:
-: <source lang="bash">sudo keytool -printcert -sslserver equality-tech.com</source>
+: <syntaxhighlight lang="bash">sudo keytool -printcert -sslserver equality-tech.com</syntaxhighlight>
-; How do I expand a cert to include some sub-domains? (wildcard certs are not supported):
+; How do I expand a cert to include some sub-domains?
+: Use the <code>--expand</code> option to put multiple domains in the same cert.
 : sudo /opt/certbot/certbot certonly --cert-name example.org --expand -d example.org,www.example.org,wiki.example.org,example.com,www.example.com,wiki.example.com
+; How do I create a wildcard certificate with LetsEncrypt?
+: See https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284
 ; How do I cleanup my old/test certificates?: