Self-Signed SSL Certificate / Certbot: Difference between revisions
Jump to navigation
Jump to search
Jgutierrez6 (talk | contribs) |
Jgutierrez6 (talk | contribs) |
||
| Line 18: | Line 18: | ||
== How To Add UCSF IT SSL Cert == | == How To Add UCSF IT SSL Cert == | ||
#File an SSL Ticket Request with UCSF IT [https://ucsf.service-now.com/ucsfit?id=ucsf_index here]. | #File an SSL Ticket Request with UCSF IT [https://ucsf.service-now.com/ucsfit?id=ucsf_index here]. | ||
#Download their Certificates | #Download their Certificates using wget '<link>' | ||
#Remove Let’s Encrypt Cert | #Remove Let’s Encrypt Cert | ||
#*<source>certbot delete --cert-name domain.com</source> | #*<source>certbot delete --cert-name domain.com</source> | ||
Revision as of 02:23, 7 January 2025
Introduction
We self sign our SSL Certificates for our websites proxied at these machines:
- files2
- vav
- bksmailman
How To Self-Sign A Website(s)
Assuming that you are already running the software/app on httpd then we can begin.
- The command is:
certbot --apache <options>
- Usually, I just use the '-d' domain flag:
certbot --apache -d sample.docking.org
How To Remove SSL Cert From A Domain
- You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
- certbot delete --cert-name sample.docking.org
How To Add UCSF IT SSL Cert
- File an SSL Ticket Request with UCSF IT here.
- Download their Certificates using wget '<link>'
- Remove Let’s Encrypt Cert
certbot delete --cert-name domain.com
openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
- Create a directory to store the Certificate
- Go to the <name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate
SSLCertificateFile <new path>
SSLCertificateKeyFile <new path>
SSLCertificateChainFile <new path>