Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. Each certificate is valid for 90 days, and renewal can take place at any time during that period. Issuance is driven by an automated process (the ACME protocol) that replaces the manual creation, validation, signing, installation, and renewal of certificates for secure websites.
In this article we will see how to issue and auto-renew a wildcard SSL certificate using the Cloudflare DNS API.
Step 1 - Install Acme.sh
wget -O - https://get.acme.sh | sh
Step 2 - Issue a Wildcard SSL Certificate with Cloudflare DNS API
Export your Cloudflare API key and account email (the key is available in your Cloudflare dashboard > My Profile > API Tokens):
export CF_Key="your cloudflare api key"
export CF_Email="your cloudflare email"
acme.sh --issue -d jackiesung.com -d '*.jackiesung.com' --dns dns_cf
If you want an ECDSA certificate with a 384-bit key, you can run (the wildcard is quoted so the shell does not expand it as a glob):
acme.sh --issue -d jackiesung.com -d '*.jackiesung.com' --dns dns_cf -k ec-384
You won't have to add DNS records or run another command to issue your certificate. Acme.sh will automatically add the TXT records needed for the acme-challenge, then wait 120 seconds before launching the dns-01 validation. If everything is okay, acme.sh will issue your wildcard certificate and clean up the validation DNS records.
You should see output like this:
root@jackiesung: ~# acme.sh --issue -d jackiesung.com -d *.jackiesung.com --dns dns_cf -k ec-384
[jackiesung 2019, 14:58:08 (UTC+0100)] Multi domain='DNS:jackiesung.com,DNS:*.jackiesung.com'
[jackiesung 2019, 14:58:08 (UTC+0100)] Getting domain auth token for each domain
[jackiesung 2019, 14:58:10 (UTC+0100)] Getting webroot for domain='jackiesung.com'
[jackiesung 2019, 14:58:10 (UTC+0100)] Getting webroot for domain='*.jackiesung.com'
[jackiesung 2019, 14:58:10 (UTC+0100)] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[jackiesung 2019, 14:58:12 (UTC+0100)] Adding record
[jackiesung 2019, 14:58:12 (UTC+0100)] Added, OK
[jackiesung 2019, 14:58:12 (UTC+0100)] Sleep 120 seconds for the txt records to take effect
[jackiesung 2019, 15:00:14 (UTC+0100)] jackiesung.com is already verified, skip dns-01.
[jackiesung 2019, 15:00:14 (UTC+0100)] Verifying:*.jackiesung.com
[jackiesung 2019, 15:00:17 (UTC+0100)] Pending
[jackiesung 2019, 15:00:19 (UTC+0100)] Success
[jackiesung 2019, 15:00:19 (UTC+0100)] Removing DNS records.
[jackiesung 2019, 15:00:20 (UTC+0100)] Verify finished, start to sign.
[jackiesung 2019, 15:00:22 (UTC+0100)] Cert success.
[jackiesung 2019, 15:00:22 (UTC+0100)] Your cert is in /root/.acme.sh/jackiesung.com_ecc/jackiesung.com.cer
[jackiesung 2019, 15:00:22 (UTC+0100)] Your cert key is in /root/.acme.sh/jackiesung.com_ecc/jackiesung.com.key
[jackiesung 2019, 15:00:22 (UTC+0100)] The intermediate CA cert is in /root/.acme.sh/jackiesung.com_ecc/ca.cer
[jackiesung 2019, 15:00:22 (UTC+0100)] And the full chain certs is there: /root/.acme.sh/jackiesung.com_ecc/fullchain.cer
Step 3 - Install your wildcard certificate into your Apache or Nginx configuration
Apache
acme.sh --install-cert -d jackiesung.com \
--cert-file /path/to/certfile/in/apache/cert.pem \
--key-file /path/to/keyfile/in/apache/key.pem \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd "service apache2 force-reload"
Nginx
acme.sh --install-cert -d jackiesung.com \
--key-file /path/to/keyfile/in/nginx/key.pem \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd "/etc/init.d/nginx restart"
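Before pointing the web server at the files, it is worth verifying what acme.sh produced: that the certificate really carries both the apex and wildcard names, that it uses the P-384 key requested with -k ec-384, that the key file matches the certificate, and that it is not close to expiry (a sign the renewal cron job is not running). The following added example is not code from the article or from acme.sh; it assumes openssl 1.1.1 or newer on PATH, and the domain and file paths are assumed placeholders. The fixture at the end builds a constructed self-signed certificate so the checks can be exercised without a real CA.

```shell
#!/bin/sh
# Added example (not from the original article or acme.sh).
# Sanity checks for an acme.sh-issued certificate, using only openssl.

# Return 0 if the certificate lists both the apex and the wildcard name as SANs.
has_wildcard_sans() {  # $1 = cert file, $2 = domain
    sans=$(openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1)
    case "$sans" in
        *"DNS:$2"*) ;;
        *) echo "missing SAN DNS:$2"; return 1 ;;
    esac
    case "$sans" in
        *"DNS:*.$2"*) ;;
        *) echo "missing SAN DNS:*.$2"; return 1 ;;
    esac
}

# Return 0 if the public key is EC P-384 (what -k ec-384 requests).
is_ec384() {  # $1 = cert file
    openssl x509 -in "$1" -noout -text | grep -qE 'secp384r1|P-384'
}

# Return 0 if the private key belongs to the certificate; a mismatch is the
# usual cause of "key values mismatch" errors when nginx or apache reloads.
key_matches_cert() {  # $1 = cert file, $2 = key file
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Return 0 if the certificate is still valid $2 days from now. acme.sh renews
# at 60 days by default, so a 90-day cert with under 30 days left means the
# renewal cron job is not doing its work.
valid_for_days() {  # $1 = cert file, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run every check; exit status is non-zero if any of them fails.
check_cert() {  # $1 = cert file, $2 = key file, $3 = domain
    has_wildcard_sans "$1" "$3" && is_ec384 "$1" &&
    key_matches_cert "$1" "$2" && valid_for_days "$1" 30
}

# Constructed fixture: a self-signed EC P-384 cert with the same SANs acme.sh
# would issue, so the checks above can be tried without a real CA.
make_test_cert() {  # $1 = output dir, $2 = domain
    openssl ecparam -name secp384r1 -genkey -noout -out "$1/key.pem" 2>/dev/null &&
    openssl req -x509 -key "$1/key.pem" -out "$1/cert.pem" -days 90 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2,DNS:*.$2" 2>/dev/null
}
```

Against a real deployment, call check_cert with the cert and key paths acme.sh printed (for example the fullchain.cer and jackiesung.com.key shown above) and the apex domain.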
Copyright Statement: Original Article of JackieSung.com