Self-Signed SSL Certificate / Certbot

From DISI

Introduction

We self-sign the SSL certificates for our websites proxied on these machines:

  • files2
  • vav
  • bksmailman

How To Self-Sign A Website(s)

This assumes the software/app is already running on httpd.

  1. The command is:
    • certbot --apache <options>
  2. Usually, I just use the '-d' domain flag:
    • certbot --apache -d sample.docking.org

How To Remove SSL Cert From A Domain

  1. You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
    • certbot delete --cert-name sample.docking.org

How To Add UCSF IT SSL Cert

  1. File an SSL Ticket Request with UCSF IT
  2. Download their certificates and use them to replace the Let’s Encrypt ones
  3. Remove Let’s Encrypt Cert
    • certbot delete --cert-name domain.com
    • openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
  4. Create a directory to store the Certificate
  5. Open the site's <name>-le-ssl.conf and, at the bottom, replace the paths in these directives with the path of where you put the Certificate:
    • SSLCertificateFile <new path>
    • SSLCertificateKeyFile <new path>
    • SSLCertificateChainFile <new path>
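
A pre-install check for steps 4 and 5, as an added example that is not part of the original wiki page: before Apache is pointed at the new files, it confirms that the issued certificate belongs to the private key created by the openssl req command, that it is not about to expire, and that the unencrypted (-nodes) key is not readable by group or other. The function names and the 30-day default are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity checks on a CA-issued certificate before the
# SSLCertificate* paths are changed. File paths are supplied by the caller.

# 0 if the certificate's public key is the one derived from the private key.
# Comparing the PEM public keys works for RSA and EC keys alike.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the key file grants nothing to group or other.
# -L follows symlinks so the real file's mode is inspected.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Run every check, print each failure, return non-zero if any check failed.
# Usage: preflight <cert.pem> <key.pem> [min-days-valid, default 30]
preflight() {
    local cert=$1 key=$2 days=${3:-30} rc=0
    cert_matches_key "$cert" "$key"     || { echo "FAIL: certificate and key do not match"; rc=1; }
    cert_valid_for_days "$cert" "$days" || { echo "FAIL: certificate expires within $days days"; rc=1; }
    key_is_private "$key"               || { echo "FAIL: key is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert is ready to install"
    return "$rc"
}

# Stand-alone use: ./preflight.sh servername.crt servername.key
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run `preflight` on the downloaded certificate and the key from step 3, then run `apachectl configtest` before reloading httpd.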