SSL and TLS Archives

Certificate Authority

8 September 2025 by Chris Taylor

Updated: 08 September 2025

Create a Certificate Authority for research and development https://github.com/ChrisTaylorDeveloper/cert-authority-in-docker

Let’s Encrypt

21 May 20252 August 2024 by Chris Taylor

Updated: 21 May 2025

DNS-01 challenge

The dns-01 challenge asks you to prove you control the DNS for a domain by putting a specific value in a TXT record, under that domain.

docker run -it --rm \
    -v "/home/chris/Desktop/do.ini:/tmp/do.ini" \
    -v "/home/chris/Desktop/certs:/etc/letsencrypt/live" \
    certbot/dns-digitalocean certonly \
    --dns-digitalocean --dns-digitalocean-credentials /tmp/do.ini \
    --dry-run -d example.com

Notes

certbot-dns-digitalocean documentation.
Contents of ~/Desktop/do.ini like this dns_digitalocean_token = token_here
Certbot, with it’s dns-digitalocean plugin will add a TXT record via the Digital Ocean API.
Place Digital Ocean API key in ~/Desktop/do.ini.
Certificates (x4) are saved to ~/Desktop/certs.
Note the --dry-run option.

SSL

9 August 202512 August 2022 by Chris Taylor

Updated: 09 August 2025

Diagnose problems with certificates

Create self-signed certificates for Apache

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt

See Digital Ocean, how to create self-signed certs
See Self-signed wildcard cert check project on GitHub

Mozilla SSL configuration generator

https://ssl-config.mozilla.org/