Steve Borba

My notes, I hope they help you, feel free to comment/add to them

Let’s Encrypt

Install scripts including one to interact with apache

apt install letsencrypt python-letsencrypt-apache

I am crazy and want a Must Staple certificate

openssl req -new -sha256 -newkey rsa:4096 -nodes\
  -keyout steveborba.com.privkey -out must-staple.steveborba.com.csr\
  -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <\
  (printf "[SAN]\nsubjectAltName=DNS:steveborba.com,DNS:www.steveborba.com\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05"))

letsencrypt -vv certonly --csr must-staple.steveborba.com.csr

<Add apache config to allow must staple>

openssl req -new -sha256 -newkey rsa:4096 -nodes\
  -keyout steveborba.com.privkey -out steveborba.com.csr
 

I’ve had a problem that the spaces between nodes and keyout are making things not work right

certbot --authenticator standalone --installer apache --pre-hook "service apache2 stop" --post-hook "service apache2 start"

Thats how I’ve got it working sometimes

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>