# Creating an SSL certificate for a domain name
# I- Installations
Install
certboton the server
apt install certbot
# II- Normal domains
certbot certonly --force-renewal --non-interactive --agree-tos -m khacloud.saas@gmail.com --webroot -w /var/khacloud/ssl/public/ -d "domain.com" -d "www.domain.com" -d "admin.domain.com"
# III- Wildcard domains
Install DigitalOcean plugin (
certbot-dns-digitalocean) or a Manual plugin (certbot-dns-manual) for manual DNS verification on the server
# DigitalOcean plugin :
apt install python3-certbot-dns-digitalocean
Create folder and edit the
digitalocean.inifile with the text bellow
mkdir ~/.secrets/
mkdir ~/.secrets/certbot/
nano ~/.secrets/certbot/digitalocean.ini
# DigitalOcean API credentials used by Certbot
dns_digitalocean_token = <TOKEN_HERE>
# Manual plugin :
pip install certbot-dns-manual
# Certs (SSL) creation
For cert creation you can run this command
certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini --dns-digitalocean-propagation-seconds 140 -d "*.domain.com" -d "domain.com"
IMPORTANT You have to manually create all.pem and sync cert to all loadbalancers (Task: 'ssl-sync-all')
# III- Coding Server Domain
Stop
code-server
sudo systemctl stop code-server@root.service
(If
certbot_venvenvironment not installed) follow these instructions to install it and initiate it
python3 -m venv certbot_venv
source certbot_venv/bin/activate
pip install certbot
pip install certbot-nginx
(If
certbot_venvenvironment is installed) Then activate it
source certbot_venv/bin/activate
Renew the SSL cert
certbot --non-interactive --redirect --agree-tos --nginx -d coding.cyberocean.tn -m khacloud.saas@gmail.com
Start
code-server
sudo systemctl start code-server@root.service
# III- KhaCloud Server
Certficate Generation
certbot certonly --force-renewal --non-interactive --agree-tos -m khacloud.saas@gmail.com --webroot -w /var/khacloud/ssl/public/ -d "khacloud.xyz" -d "www.khacloud.xyz" -d "ww3.khacloud.xyz" -d "admin.khacloud.xyz" -d "api.khacloud.xyz" -d "console.khacloud.xyz" -d "dashboard.khacloud.xyz" -d "cloud.khacloud.xyz" -d "mail.khacloud.xyz" -d "ns.khacloud.xyz" -d "blog.khacloud.xyz" -d "crm.khacloud.xyz" -d "cpanel.khacloud.xyz" -d "board.khacloud.xyz" -d "chat.khacloud.xyz" -d "support.khacloud.xyz" -d "company.khacloud.xyz" -d "learn.khacloud.xyz" -d "wiki.khacloud.xyz" -d "doc.khacloud.xyz" -d "docs.khacloud.xyz" -d "help.khacloud.xyz" -d "devops.khacloud.xyz" -d "developers.khacloud.xyz" -d "groups.khacloud.xyz" -d "answers.khacloud.xyz" -d "forum.khacloud.xyz" -d "hack.khacloud.xyz" -d "my.khacloud.xyz" -d "edu.khacloud.xyz" -d "book.khacloud.xyz"
cd /etc/letsencrypt/live/khacloud.xyz/
cat cert.pem chain.pem fullchain.pem privkey.pem > all.pem
Add cert location to the import list of HAProxy
echo "/etc/letsencrypt/live/khacloud.xyz/all.pem" >> /etc/letsencrypt/live/certs.list
Reload HAProxy
service haproxy reload