Let’s Encrypt

Updated: 02 August 2024

DNS-01 challenge

The dns-01 challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

certbot-dns-digitalocean documentation

  • Certbot, with its dns-digitalocean plugin, will add a TXT record via the Digital Ocean API.
  • Place Digital Ocean API key in ~/Desktop/do.ini
  • Certificates (x4) are saved to ~/Desktop/certs
  • Note the --dry-run option.

SSL

Updated: 27 June 2024

Diagnose problems with certificates

Create self-signed certificates for Apache

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-20-04

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/apache-selfsigned.key \
    -out /etc/ssl/certs/apache-selfsigned.crt
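A follow-up check for a freshly created pair, added here as an example (not from the DigitalOcean tutorial or the page above): it runs the same openssl req command into a scratch directory, then confirms the private key belongs to the certificate and that the certificate is not expired, the two things to verify first when Apache refuses a self-signed pair. The scratch directory and the CN "localhost" are assumptions.

```shell
#!/bin/sh
# Added example: generate a self-signed pair and sanity-check it the way you
# would when Apache rejects the certificate. Paths and CN are assumptions.
set -e

SELFSIGNED_DIR="${SELFSIGNED_DIR:-$(mktemp -d)}"
KEY="$SELFSIGNED_DIR/apache-selfsigned.key"
CRT="$SELFSIGNED_DIR/apache-selfsigned.crt"

# Same command as the notes, made non-interactive with -subj.
make_selfsigned() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$KEY" -out "$CRT" \
        -subj "/CN=localhost" >/dev/null 2>&1
}

# Return 0 if the public key embedded in the certificate is the one derived
# from the private key; a mismatch is the classic "key values mismatch" error.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$CRT" | openssl sha256)
    key_pub=$(openssl pkey -pubout -in "$KEY" 2>/dev/null | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate is still valid for at least $1 more seconds.
cert_valid_for() {
    openssl x509 -noout -checkend "$1" -in "$CRT" >/dev/null
}

# Print the fields a browser warning or Apache error log would point at.
cert_summary() {
    openssl x509 -noout -subject -issuer -dates -in "$CRT"
}

make_selfsigned
cert_summary
key_matches_cert && echo "key matches certificate"
cert_valid_for 86400 && echo "valid for at least one more day"
```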

ufw

Updated: 09 January 2021

List application profiles registered with ufw

ufw app list

Enable the firewall

ufw enable

Check status

ufw status verbose

Find a rule and delete it

sudo ufw status numbered
sudo ufw delete 2

Sample commands when setting up a new server

sudo ufw status verbose
sudo ufw app list
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
sudo ufw status verbose