Want more timely Centmin Mod News Updates?
Become a Member

SSL Obtain SSL certificate (no DNS)

Discussion in 'Domains, DNS, Email & SSL Certificates' started by lserpes, Sep 23, 2018.

  1. lserpes

    lserpes New Member

    7
    0
    1
    Jul 12, 2018
    Ratings:
    +0
    Local Time:
    2:16 AM
    -
    -
    Hi,
    I do not know if this is the right topic, but come on.
    I'm using VPS Dime, which is good service. However, they do not have their own DNS.
    I'm using Cloudflare, but it seems impossible to get a Let's Encrypt certificate by traditional means. I have already tried dns-cloudflare via api and txt, but without success.
    How can I get a certificate securely? I thought about using NSD Dns, but it does not seem to be a secure medium.
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:16 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    For centmin mod letsencrypt via centmin.sh menu option 2 ? See method 2 or 3 outlined below which use letsencrypt webroot authentication and will work behind cloudflare

    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For wordpress auto installer, you actually need a read method 2 to enable LETSENCRYPT_DETECT='y' then run centmin.sh menu option 22 which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for wordpress auto installer
     
  3. robert syputa

    robert syputa Member

    43
    10
    8
    Jan 18, 2018
    Seattle
    Ratings:
    +26
    Local Time:
    1:16 AM
    latest
    10
    Centminmod has been rock solid in issuing/re-issuing Letsencrypt SSL... In fact, I have not had to think about it so long as the DNS settings from the host/VPS server have not changed.

    Thanks, Eva for a wonderful job that results in no headaches for we mere mortals.
     
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:16 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Much appreciated.. while I'd like to take credit for it all, the heavy lifting was done by letsencrypt and Neil Pang's acme.sh client which actually does the auto renewal routine stuff which I integrated into my acmetool.sh Centmin Mod integration :)

    FYI, letsencrypt has issued more than 400 million SSL certificates to date - crazy!
     
..