Let’s Encrypt

Updated: 02 August 2024

DNS-01 challenge

The dns-01 challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

certbot-dns-digitalocean documentation

  • Certbot, with its dns-digitalocean plugin, will add a TXT record via the DigitalOcean API.
  • Place the DigitalOcean API key in ~/Desktop/do.ini
  • Certificates (x4) are saved to ~/Desktop/certs
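  • Note the --dry-run option: certbot performs a test run and does not save certificates to disk. Remove it to obtain real certificates.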

SSL

Updated: 27 June 2024

Diagnose problems with certificates

Create self-signed certificates for Apache

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-20-04

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt