Self-Signed SSL Certificate / Certbot: Difference between revisions

Revision as of 02:38, 7 January 2025

We self sign our SSL Certificates for our websites proxied at these machines:

Assuming that you are already running the software/app on httpd then we can begin.

The command is:
- ```
certbot --apache <options>
```
Usually, I just use the '-d' domain flag:
- ```
certbot --apache -d sample.docking.org
```

You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
- certbot delete --cert-name sample.docking.org

File a SSL Ticket Request with UCSF IT here.

openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key

Create a directory to store the new Certificates
Download "Certificate Only" and "Certificate with chain" using wget '<link>' and store in the newly created directory.
Remove Let’s Encrypt Cert if it exists
- ```
certbot delete --cert-name domain.com
```
Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate

SSLCertificateFile <new path>
SSLCertificateKeyFile <new path>
SSLCertificateChainFile <new path>

@@ Line 20: / Line 20: @@
 #* Create a CSR
 #: <source>openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key</source>
-# Create a directory to store the Certificate
+# Create a directory to store the new Certificates
-# Download their Certificates using wget '<link>' and store in that directory
+# Download "Certificate Only" and "Certificate with chain" using wget '<link>' and store in the newly created directory.
 # Remove Let’s Encrypt Cert if it exists
 #*<source>certbot delete --cert-name domain.com</source>