TLS certificates for our websites
2 views
Skip to first unread message
Arto Bendiken
Jan 9, 2016, 1:15:38 PM1/9/16
to Conreality mailing list
I've taken advantage of the Let's Encrypt initiative's [1] public beta
to set up all our websites with free TLS certificates, enabling both
HTTP and HTTPS access:
• https://conreality.org/
• https://api.conreality.org/
• https://ddk.conreality.org/
• https://kb.conreality.org/
• https://sdk.conreality.org/
To do this, I followed the tutorial at [2] to issue the certificates
using manual validation, running the Let's Encrypt toolchain on Mike's
VPS. For future reference, the basic procedure is to execute the
following for each hostname and follow instructions:
$ ./letsencrypt-auto certonly --manual -d example.org
The procedure requires manually creating static files under
.well-known/acme-challenge/ for each site, which had to be done on
DreamHost directly. (Their toolchain can't be executed on DreamHost
directly, though, as it basically assumes root access.)
Unfortunately, after setting up the aforementioned five hostnames I
ran into Let's Encrypt per-domain rate limits [3], so the
https://wiki.conreality.org/ site is as yet using a self-signed
certificate; it should be possible to remedy that a week from now.
[1] https://letsencrypt.org/
[2] https://lyncd.com/2015/12/letsencrypt-dreamhost-howto/
[3] https://community.letsencrypt.org/t/quick-start-guide/1631
to set up all our websites with free TLS certificates, enabling both
HTTP and HTTPS access:
• https://conreality.org/
• https://api.conreality.org/
• https://ddk.conreality.org/
• https://kb.conreality.org/
• https://sdk.conreality.org/
To do this, I followed the tutorial at [2] to issue the certificates
using manual validation, running the Let's Encrypt toolchain on Mike's
VPS. For future reference, the basic procedure is to execute the
following for each hostname and follow instructions:
$ ./letsencrypt-auto certonly --manual -d example.org
The procedure requires manually creating static files under
.well-known/acme-challenge/ for each site, which had to be done on
DreamHost directly. (Their toolchain can't be executed on DreamHost
directly, though, as it basically assumes root access.)
Unfortunately, after setting up the aforementioned five hostnames I
ran into Let's Encrypt per-domain rate limits [3], so the
https://wiki.conreality.org/ site is as yet using a self-signed
certificate; it should be possible to remedy that a week from now.
[1] https://letsencrypt.org/
[2] https://lyncd.com/2015/12/letsencrypt-dreamhost-howto/
[3] https://community.letsencrypt.org/t/quick-start-guide/1631
Arto Bendiken
Jan 17, 2016, 11:58:00 AM1/17/16
to Conreality mailing list
Reply all
Reply to author
Forward
0 new messages