DrMint / Intranet-Lets-Encrypt-Certification

Licence: MIT license
Guide to setting up a Let's Encrypt SSL certificate for a non-public facing server.

Non-public facing Let's Encrypt Certification

This guide details how to set up a Let's Encrypt SSL certificate on a server that isn't accessible from the internet (a non-public-facing or intranet server).

Prerequisites

  • Having a public domain name (from now on we will consider the name example.com)
  • Choosing a name for the subdomain of that intranet server (we will choose myserv.example.com). You can also choose to use example.com directly.
  • Certbot installed on the intranet server. You can go on this page to learn how to install Certbot (but just install it, you don't need to run Certbot yet).
  • The intranet server must have a static local IP address (IPv4 or IPv6) or a defined name on the local network DNS server (hostname).
  • The intranet server doesn't have to be a web server, it can be a SFTP server, a MySQL database, any technology that uses SSL/TLS certificates. In this example, we will assume that the server is a web server running on Apache.

Create the subdomain

On whatever domain registrar you're using, create a new DNS record. The type must be:

  • A: if you want to use the server's local IPv4 address
  • AAAA: for the IPv6 address
  • CNAME: when using the Hostname

In this example we'll be using a type A record which looks like this:

myserv 1800 IN A 192.168.1.200

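Of course, you usually don't have to write the line directly; you can use whatever form the registrar provides. Keep in mind that this record lives in public DNS, so the internal address and hostname are visible to anyone who queries it.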

If you want to use example.com directly (no subdomain), use @ instead of myserv in the DNS record line.

Setting the server

On the server (in this example, it's running Debian 10), add this configuration to /etc/apache2/sites-available/default-le-ssl.conf (or whatever file you're using for the VirtualHost):

<VirtualHost *:443>
        ServerName myserv.example.com
        ...
        #SSLCertificateFile /etc/letsencrypt/live/myserv.example.com/fullchain.pem
        #SSLCertificateKeyFile /etc/letsencrypt/live/myserv.example.com/privkey.pem
</VirtualHost>

It is important to keep those SSLCertificate lines commented for now as the files have not been generated yet. You can also add this to automatically redirect HTTP requests:

<VirtualHost *:80>
        ServerName myserv.example.com
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =myserv.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

After saving and using the command sudo apachectl restart, you can try accessing myserv.example.com from a web browser. It should tell you that there isn't a valid certificate.

Using Certbot

On the intranet server, run this command:

certbot --manual --preferred-challenges dns certonly

It should ask you for the domain name(s). Enter myserv.example.com. It should then generate a challenge key similar to this one:

baDeeI2lEC9vVeUl__zj23sET5x5UN_4h08--9u-98M

Go to your registrar's website once more and create a DNS record of type TXT. The name of the record must be _acme-challenge.myserv (myserv is the subdomain used in this example); copy-paste the challenge key as its value. The line should look something like this:

_acme-challenge.myserv 1800 IN TXT "baDeeI2lEC9vVeUl__zj23sET5x5UN_4h08--9u-98M"

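Once this record is active (it can take a few minutes), go back to Certbot and press Enter. The challenge should be successfully verified, and the certificate created. On Debian, Certbot should also automatically schedule the renewal process. Because the certificate was issued with --manual, that scheduled renewal can only complete unattended if the TXT record update is automated (for example through a --manual-auth-hook script or a Certbot DNS plugin); otherwise, repeat the steps above before the certificate expires.

Now edit /etc/apache2/sites-available/default-le-ssl.conf and uncomment the SSLCertificate lines. Run sudo apachectl restart again and that's it.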
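One way to confirm that the TXT record is active before pressing Enter, as an added example that is not part of the original guide: it asks every authoritative nameserver of the zone for the record, since a single cached answer says nothing about the other nameservers. The function names are hypothetical and dig is assumed to be installed.

```shell
#!/bin/sh
# Added example: check that the _acme-challenge TXT record is live on every
# authoritative nameserver before pressing Enter in Certbot.
# Function names are illustrative; dig (dnsutils/bind-utils) is assumed.

# Thin wrappers around dig so the lookups can be replaced or stubbed.
lookup_ns()  { dig +short NS "$1"; }           # nameservers of the zone
lookup_txt() { dig +short TXT "$1" "@$2"; }    # TXT answer from one server

# txt_ready ZONE RECORD EXPECTED
# 0 = every nameserver serves EXPECTED, 1 = at least one does not,
# 2 = no nameservers found for ZONE.
txt_ready() {
    zone=$1; record=$2; expected=$3; missing=0
    servers=$(lookup_ns "$zone")
    if [ -z "$servers" ]; then
        echo "no nameservers found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        # dig prints TXT data in double quotes, one value per line.
        # -F/-x: exact fixed-string match; "--" because base64url values
        # may begin with "-".
        if lookup_txt "$record" "$ns" | tr -d '"' | grep -Fxq -- "$expected"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# wait_for_txt ZONE RECORD EXPECTED [TRIES] [DELAY_SECONDS]
# Polls until txt_ready succeeds or TRIES attempts are used up.
wait_for_txt() {
    tries=${4:-20}; delay=${5:-30}
    while [ "$tries" -gt 0 ]; do
        txt_ready "$1" "$2" "$3" && return 0
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Usage with the values from this guide:
# wait_for_txt example.com _acme-challenge.myserv.example.com \
#     'baDeeI2lEC9vVeUl__zj23sET5x5UN_4h08--9u-98M'
```

The same functions can be called from a Certbot authentication hook, where Certbot passes the expected value in the CERTBOT_VALIDATION environment variable.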
