Self-Signed SSL Certificate / Certbot

From DISI

Introduction

We self-sign the SSL certificates (obtained with certbot, which issues Let's Encrypt certificates) for our websites proxied at these machines:

  • files2
  • vav
  • bksmailman

How To Self-Sign A Website(s)

This assumes that the software/app is already running on httpd.

  1. The command is:
    • certbot --apache <options>
  2. Usually, I just use the '-d' domain flag:
    • certbot --apache -d sample.docking.org

How To Remove SSL Cert From A Domain

  1. You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
    • certbot delete --cert-name sample.docking.org

How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs

  1. File an SSL Ticket Request with UCSF IT here.
    • Create a CSR
    openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
  2. Create a directory to store the new Certificates
  3. Download "Certificate Only" and "Certificate with chain" using wget '<link>' and store in the newly created directory.
  4. Remove Let’s Encrypt Cert if it exists
    • certbot delete --cert-name domain.com
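  5. Edit the site's /etc/httpd/conf.d/<name>-le-ssl.conf and, at the bottom, replace the paths in these directives with the locations of the new files (the certificate, the private key created together with the CSR in step 1, and the certificate chain, respectively):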
    SSLCertificateFile <new path>
    SSLCertificateKeyFile <new path>
    SSLCertificateChainFile <new path>
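
Before restarting httpd with the new paths from step 5, it is worth confirming that the downloaded certificate matches servername.key, chains to the CA file, and covers the site's hostname. The script below is an added example, not part of the original wiki page; the function names, the file names cert.pem and chain.pem, and the throwaway CA it builds are assumptions, constructed so that it runs offline.

```bash
#!/bin/sh
# Added example: checks to run before pointing Apache at a CA-issued certificate.

# True when the certificate and the private key carry the same public key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when CERT chains to the CA certificates in CHAIN (assumed to include the root).
chain_verifies() {  # usage: chain_verifies CERT CHAIN
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# True when the certificate is valid for HOST (SAN, or CN when no SAN is present).
cert_covers_host() {  # usage: cert_covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Run all three checks and report the first one that fails.
preflight() {  # usage: preflight CERT KEY CHAIN HOST
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    chain_verifies "$1" "$3"   || { echo "FAIL: chain does not verify certificate"; return 1; }
    cert_covers_host "$1" "$4" || { echo "FAIL: certificate is not valid for $4"; return 1; }
    echo "OK: files are consistent for $4"
}

# Constructed test data: a throwaway CA, the key/CSR from step 1, a signed
# certificate, and an unrelated key (other.key) for the mismatch case.
make_constructed_pki() {  # usage: make_constructed_pki DIR
    ( cd "$1" && umask 077 &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Test CA" -keyout ca.key -out chain.pem &&
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=sample.docking.org" -keyout servername.key -out servername.csr &&
      openssl x509 -req -in servername.csr -CA chain.pem -CAkey ca.key \
          -CAcreateserial -days 1 -out cert.pem &&
      openssl genrsa -out other.key 2048
    ) >/dev/null 2>&1
}

# Demo on the constructed files; with real files, call preflight on your own paths.
d=$(mktemp -d) && make_constructed_pki "$d" &&
    preflight "$d/cert.pem" "$d/servername.key" "$d/chain.pem" sample.docking.org
rm -rf "$d"
```

Because the CSR command uses -nodes, servername.key is stored unencrypted, so keep it readable by root only.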