Self-Signed SSL Certificate / Certbot

From DISI

Introduction

We self-sign our SSL certificates, using Certbot to obtain them from Let’s Encrypt, for the websites proxied at these machines:

  • files2
  • vav
  • bksmailman

How To Self-Sign A Website(s)

This assumes that the software/app is already running on httpd.

  1. The command is:
    • certbot --apache <options>
  2. Usually, I just use the '-d' domain flag:
    • certbot --apache -d sample.docking.org

How To Remove SSL Cert From A Domain

  1. You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
    • certbot delete --cert-name sample.docking.org

How To Add UCSF IT SSL Cert

  1. File an SSL Ticket Request with UCSF IT here.
  2. Download their Certificates using wget '<link>'
  3. Remove the Let’s Encrypt Cert, then generate a new private key and CSR
    • certbot delete --cert-name domain.com
    • openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
  4. Create a directory to store the Certificate
  5. Open the site's <name>-le-ssl.conf and, at the bottom, replace the paths in these directives with the location where you put the certificate files:
    • SSLCertificateFile <new path>
    • SSLCertificateKeyFile <new path>
    • SSLCertificateChainFile <new path>
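
Before reloading httpd with the new paths, it is worth confirming that the certificate received from UCSF IT was issued for the servername.key generated in step 3. The script below is an added example, not part of the original wiki page; the function names and the 30-day expiry threshold are illustrative assumptions, and it relies only on standard openssl subcommands.

```shell
#!/bin/sh
# Added example. Arguments are your own paths: CERT KEY [CHAIN].

# Print the PEM public key carried by a cert, CSR or private key.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# True only if both files carry the same public key.
# Usage: same_pubkey TYPE FILE TYPE FILE   (TYPE is cert, csr or key)
same_pubkey() {
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True if group and other have no permissions on the key file.
# "-nodes" writes the key unencrypted, so file mode is its only protection.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

if [ "$#" -ge 2 ]; then
    same_pubkey cert "$1" key "$2" ||
        { echo "certificate was not issued for this key" >&2; exit 1; }
    cert_valid_for "$1" 30 ||
        { echo "certificate expires within 30 days" >&2; exit 1; }
    key_is_private "$2" ||
        { echo "key is accessible to group/other" >&2; exit 1; }
    # Optional: intermediates must chain to a root in the system trust store.
    [ -z "$3" ] || openssl verify -untrusted "$3" "$1" || exit 1
    echo "OK: run 'apachectl configtest', then reload httpd"
fi
```

The same `same_pubkey csr servername.csr key servername.key` call can be used before filing the ticket, to confirm the CSR being submitted belongs to the key you intend to keep.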