SSL Archives

Let’s Encrypt

21 May 20252 August 2024 by Chris Taylor

Updated: 21 May 2025

DNS-01 challenge

The dns-01 challenge asks you to prove you control the DNS for a domain by putting a specific value in a TXT record, under that domain.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

Notes

certbot-dns-digitalocean documentation.
Contents of ~/Desktop/do.ini like this dns_digitalocean_token = token_here
Certbot, with it’s dns-digitalocean plugin will add a TXT record via the Digital Ocean API.
Place Digital Ocean API key in ~/Desktop/do.ini.
Certificates (x4) are saved to ~/Desktop/certs.
Note the --dry-run option.

Mozilla SSL configuration generator

1 April 202427 December 2022 by Chris Taylor

Updated: 29 December 2022

https://ssl-config.mozilla.org/

SSL

27 June 202412 August 2022 by Chris Taylor

Updated: 27 June 2024

Diagnose problems with certificates

Create self-signed certificates for Apache

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-20-04

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt