Let’s Encrypt

Updated: 21 May 2025

DNS-01 challenge

The dns-01 challenge asks you to prove you control the DNS for a domain by putting a specific value in a TXT record under that domain.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

Notes

  • certbot-dns-digitalocean documentation.
  • The contents of ~/Desktop/do.ini look like this: dns_digitalocean_token = token_here
  • Certbot, with its dns-digitalocean plugin, will add a TXT record via the DigitalOcean API.
  • Place the DigitalOcean API key in ~/Desktop/do.ini.
  • Certificates (x4) are saved to ~/Desktop/certs.
  • Note the --dry-run option: it performs a test run without saving certificates; remove it to obtain real ones.
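
How the TXT value that the dns-01 challenge asks for is derived, following RFC 8555 section 8.4 and RFC 7638 (an added example, not part of the original notes and not Certbot's own code). The account key and token are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME (RFC 8555) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Members that enter the thumbprint for each key type (RFC 7638, section 3.2).
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638)."""
    names = REQUIRED_MEMBERS[jwk["kty"]]
    # Canonical form: required members only, sorted by name, no whitespace.
    canonical = json.dumps({k: jwk[k] for k in names},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def txt_record_name(domain: str) -> str:
    """Validation record name; a wildcard is validated at its base domain."""
    domain = domain.rstrip(".").lower()
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain

def txt_record_value(token: str, account_jwk: dict) -> str:
    """base64url(SHA-256(token || '.' || thumbprint)), RFC 8555 section 8.4."""
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

# Constructed sample input: not a real account key and not a real CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtcmVhbC1rZXk",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtcmVhbC1rZXk",
              "kid": "ignored-by-thumbprint"}
SAMPLE_TOKEN = "constructed-token-0123456789abcdefABCDEF_-"

if __name__ == "__main__":
    print(txt_record_name("*.example.com"), "TXT",
          txt_record_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

Certbot's plugin computes and publishes this value for you; the calculation is useful when checking by hand that the record a resolver returns is the one the CA expects.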

SSL

Updated: 27 June 2024

Diagnose problems with certificates

Create self-signed certificates for Apache

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-20-04

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt