Let’s Encrypt

Updated: 21 May 2025

DNS-01 challenge

The dns-01 challenge asks you to prove you control the DNS for a domain by putting a specific value in a TXT record under that domain.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

Notes

  • certbot-dns-digitalocean documentation.
  • Contents of ~/Desktop/do.ini look like this: dns_digitalocean_token = token_here
  • Certbot, with its dns-digitalocean plugin, will add a TXT record via the Digital Ocean API.
  • Place Digital Ocean API key in ~/Desktop/do.ini.
  • Certificates (x4) are saved to ~/Desktop/certs.
  • Note the --dry-run option.

SSL

Updated: 11 February 2026

Create self-signed certs

Accept default answers to questions except Common Name, which should be your domain name.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout foo.key -out foo.crt

Use the files generated in an Apache virtual host

<VirtualHost *:443>
    ...
    SSLCertificateFile /etc/ssl/certs/foo.crt
    SSLCertificateKeyFile /etc/ssl/private/foo.key
</VirtualHost>

See Digital Ocean: how to create self-signed certs
See the Self-signed wildcard cert check project on GitHub

Diagnose problems with certificates

Mozilla SSL configuration generator

https://ssl-config.mozilla.org/