lets-encrypt

问题 I'm trying to dynamically read the location of the SSL certificates depending on which url was used to connect to my server. I have attempted a few different ways but none seem to work. Currently I have the config as noted below UseCanonicalName Off listen 443 <VirtualHost *:443> ServerName example ServerAlias * SSLEngine on SSLCertificateFile /etc/letsencrypt/live/%0/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/%0/privkey.pem VirtualDocumentRoot /var/www/vhosts/%-2/%-3+/public <

问题 I generated a client-side SSL Certificate on API Gateway and added it to my nginx configuration as below: listen *:443; ssl on; server_name api.xxxx.com; ssl_certificate /etc/letsencrypt/live/api.xxxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.xxxx.com/privkey.pem; ssl_verify_client on; ssl_client_certificate /etc/nginx/ssl/awsapigateway.crt; location /home/ubuntu/api { # if ($ssl_client_verify != SUCCESS) { return 403; } # proxy_pass http://my.http.public.endpoint.com;

问题 I know how to configure let's encrypt for nginx. I'm having hard time configuring let's encrypt with nginx inside a docker image. Let's encrypt certificates are symlinked in etc/letsencrypt/live folder and I don't have permission to view the real certificate files inside /etc/letsencrypt/archive Can someone suggest a way out ? 回答1: If anyone having this problem, I've solved it by mounting the folders into docker container. I've mounted both etc/letsencrypt and etc/ssl folders into docker

问题 We have a production AKS cluster that has a stable/cert-manager helm chart installed to allow using Let's Encrypt certificates. The current version installed is cert-manager-v0.6.0 in the kube-system namespace. Let's Encrypt is to stop support for traffic from cert-manager pre 8.0 version from 1st of November 2019. I would like to upgrade but the latest available stable chart version is v0.6.7 . Seems like the way to go is to switch to jetstack/cert-manager . How do I best approach this?

问题 I have recently deployed my Ruby on Rails application to a plain Ubuntu 16.04 DigitalOcean droplet with Nginx, passenger & Let's encrypt. The rails app worked fine with just passenger and Nginx but after I installed Let's Encrypt, it points to the "Welcome to Nginx" page instead of my rails app. I am able to make changes to see the "Welcome to Nginx!" page and see the results in the browser. When I change the root location in my sites-enabled configs to my application path instead of /html I

问题 I'm trying to set up let's encrypt on a load balancer written in Go, I tried both the automatic and manual setup but I always get errors. The domain is pointing correctly to our server (Digital Ocean) and I can even open the site from a browser without errors, also an ssl check report no errors on this domain. The fact is that when I run the Go executable on server from CLI I get errors repeatedly. Automatic (acme/autocert) setup: The server code is that, the certificate and the key are

问题 I have generated SSL certificate like so: sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt ./letsencrypt-auto certonly --standalone Then I was asked for email ... and a domain name. I entered 'mydomain.com' I figured out that I could enter multiple domains to be included in one certificate using different approach. E.g.: sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com I wonder if I could have entered multiple domains when I was

问题 I've followed Heroku's Automated Certificate Management instructions for generating an SSL certificate via LetsEncrypt (kudos to LetsEncrypt and heroku!!) for my Ruby Sinatra app but generation of the SSL certificate for my custom domain is failing. After activating automated certificate management, the heroku domain name for my app changes from *.herokuapp.com to *.herokudns.com, as expected. I've updated my Google Domain records accordingly, however Google Domain doesn't allow the domain

问题 I got this error while renewing let's encrypt certificate: "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA" How can I fix this? The command I running is like this: ./letsencrypt-auto --apache --renew-by-default -d <domain name> 回答1: It is because Let’s Encrypt has currently disabled the TLS-SNI-01 challenge due to an identified security issue. The official has provided an workaroud at the Let's Encrypt community website

问题 I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome just fine. (I'm running OSX El Capitan at the moment). First I tried doing a GET request to the site: >>> import requests >>> requests.get('https://example.com') This gives me: requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) I then tried various