⇤ ← Revision 1 as of 2017-09-05 01:59:55
* Links: [[Linux/OpenSSL]] , [[security/ssl]] |
Links: Linux/OpenSSL , security/ssl
LetsEncrypt - Free certificate authority
- Web server updates can be automated.
Cloudflare - LetsEncrypt certificate automation
- Use the letsencrypt certbot package on Ubuntu
- Run
export CF_EMAIL='name@me.com' export CF_KEY='PutCFKeyHere-AND-REMOVE' certbot certonly \ --manual \ --preferred-challenges dns \ --manual-auth-hook ~/certbot-cloudflare-hook-authenticator.sh \ --config-dir . \ --work-dir . \ --logs-dir . \ -d test1.me.com \ -d test2.me.com \ -d www.me.com
- Bash script
## certbot certonly --manual --preferred-challenges=dns --manual-auth-hook ~/certbot-cloudflare-hook-authenticator.sh -d secure.me.com # # Get your API key from https://www.cloudflare.com/a/account/my-account API_KEY="$CF_KEY" EMAIL="$CF_EMAIL" # Strip only the top domain to get the zone id DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)') # Get the Cloudflare zone id ZONE_EXTRA_PARAMS="status=active&page=1&per_page=20&order=status&direction=desc&match=all" ZONE_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN&$ZONE_EXTRA_PARAMS" \ -H "X-Auth-Email: $EMAIL" \ -H "X-Auth-Key: $API_KEY" \ -H "Content-Type: application/json" | python -c "import sys,json;print(json.load(sys.stdin)['result'][0]['id'])") # Create TXT record CREATE_DOMAIN="_acme-challenge.$CERTBOT_DOMAIN" RECORD_ID=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \ -H "X-Auth-Email: $EMAIL" \ -H "X-Auth-Key: $API_KEY" \ -H "Content-Type: application/json" \ --data '{"type":"TXT","name":"'"$CREATE_DOMAIN"'","content":"'"$CERTBOT_VALIDATION"'","ttl":120}' \ | python -c "import sys,json;print(json.load(sys.stdin)['result']['id'])") # Save info for cleanup if [ ! -d /tmp/CERTBOT_$CERTBOT_DOMAIN ];then mkdir -m 0700 /tmp/CERTBOT_$CERTBOT_DOMAIN fi echo $ZONE_ID > /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_ID echo $RECORD_ID > /tmp/CERTBOT_$CERTBOT_DOMAIN/RECORD_ID # Sleep to make sure the change has time to propagate over to DNS sleep 25
...