Hướng dẫn cài đặt SSL từ Let's Encrypt cho hostname cPanel DNSONLY 1

Hướng dẫn cài đặt SSL từ Let’s Encrypt cho hostname cPanel DNSONLY

Installation

Ensure you meet the prerequisites:

1. You will be fetching the package from our yum repository:

 

wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo

 

2. Install the package

 

yum -y install letsencrypt-cpanel-dnsonly

 

3. Wait for the certificate

The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087

Usage

You typically should not need to do anything after installing the package.

How do I perform renewal?

It is automatic. Upon installation, a systemd timer is enabled, which runs twice daily. You may check its status with:

 

systemctl status fleetssl-dnsonly.timer

 

If you need to run renewal by hand for some reason, you can just run:

 

/usr/local/bin/fleetssl-dnsonly
I need to re-install the existing SSL certificate to my cPanel services.

You can run the following:

 

/usr/local/bin/fleetssl-dnsonly -reinstall

 

I want to perform a test renewal to see whether it would work.

You can run the following:

 

/usr/local/bin/fleetssl-dnsonly -dry-run

 

I got stuck and need to reset absolutely everything.

Remove the state file and run the program with the following:

 

rm -f /var/lib/fleetssl-dnsonly.json && /usr/local/bin/fleetssl-dnsonly

 

Customizations

Before you install the package, you can apply some customizations as described below. There are some other, advanced customizations available that are not documented here, you’ll need to look in the source code if you’re interested in them.

I want to include other domain names on the certificate, other than the hostname of the server.

This is possible with a comma-separated list of domains.

echo "FLEETSSL_DNSONLY_CERT_HOSTNAMES=dns1.example.org,alternate.example.org,foo.example.org" >> /etc/fleetssl-dnsonly.conf
I want to register my Let’s Encrypt account with an email address so that I can receive renewal reminders in case of any issues.

Remember, you must do this before you install the package, or otherwise remove the state file as described earlier.

echo "FLEETSSL_DNSONLY_ACME_EMAIL_ADDRESS=me@example.com" >> /etc/fleetssl-dnsonly.conf
I want to change the renewal cutoff from the default of 31 days to something different.
echo "FLEETSSL_DNSONLY_RENEWAL_CUTOFF=31" >> /etc/fleetssl-dnsonly.conf

FAQ

Why? Not having an easy SSL solution for DNSONLY servers seemed like a bit of a blind spot. Changing our plugin to work with DNSONLY was too involved (it’s not our core use case), using generic Let’s Encrypt™ tools by hand was tedious for a large number of servers, so this is the middle ground!

I need help. This project is community supported. This means, you may not email us at FleetSSL about it – sorry, we are not providing technical support! You may open an issue on the Github project if you believe you have found a bug or you would like to contribute code or documentation.

Trademarks and Endorsements. This project is not associated or endorsed by the cPanel®, Let’s Encrypt™ or acmetool organisations. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. This project is not affiliated with the Let’s Encrypt™ or ISRG organisations. Let’s Encrypt™ is a trademark of the Internet Security Research Group.

Nguồn: https://dnsonly.letsencrypt-for-cpanel.com/

Viết bình luận

Website này sử dụng Akismet để hạn chế spam. Tìm hiểu bình luận của bạn được duyệt như thế nào.