lets-encrypt | 易学教程

How to use golang lego let's encrypt client behind nginx?

阅读更多关于 How to use golang lego let's encrypt client behind nginx?

问题 I'd like to setup Let's Encrypt certificate to live server with nginx with lego client written in Go https://github.com/xenolf/lego/ What I'll to do with nginx config to get certificate? 回答1: You need to add in :80 and :443 virtual servers following location: # http and https nginx servers location /.well-known/acme-challenge/ { proxy_set_header Host $host; proxy_pass http://127.0.0.1:4000$request_uri; } And run lego binary: ./lego.amd64 --http 127.0.0.1:4000 --email="your@address.tld" -

Let's Encrypt unauthorized 403 forbidden

阅读更多关于 Let's Encrypt unauthorized 403 forbidden

问题 On the server, Nginx is installed. Let's Encrypt is working well with www.domain.com but is not working with static.domain.com With PuTTY, when I enter : sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site/domain -d static.domain.com -d domain.com -d www.domain.com I have the below issue : Failed authorization procedure. static.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.domain.com/.well

Certbot not creating acme-challenge folder

阅读更多关于 Certbot not creating acme-challenge folder

问题 I had working Let's encrypt certificates some months ago (with the old letsencrypt client). The server I am using is nginx. Certbot is creating the .well-known folder, but not the acme-challenge folder Now I tried to create new certificates via ~/certbot-auto certonly --webroot -w /var/www/webroot -d domain.com -d www.domain.com -d git.domain.com But I always get errors like this: IMPORTANT NOTES: - The following errors were reported by the server: Domain: git.domain.com Type: unauthorized

https on S3 WITHOUT cloudfront possible?

阅读更多关于 https on S3 WITHOUT cloudfront possible?

问题 We currently want to start hosting all our assets through AWS S3 and we also want to server everything over https. I understand I can use the Amazon Certificate Manager (ACM) with Cloudfront to server assets over https. The problem is that we are in the medical industry and we are legally prohibited to host anything outside the EU. With S3 I can choose a location (Frankfurt for us), but with Cloudfront I just get this option: So I thought that I could maybe use Letsencrypt to generate my own

Wildcard SSL certificate with subdomain redirect in Kubernetes

阅读更多关于 Wildcard SSL certificate with subdomain redirect in Kubernetes

问题 I've configured my Kubernetes to use one wildcard SSL certificate to all my apps using cert-manager and letsencrypt, now the problem is that I can't configure subdomain redirects cause Ingress is kinda "stiff". Here's how I'm trying to achieve this: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: my-wildcard-ingress namespace: mynamespace annotations: kubernetes.io/ingress.class: nginx certmanager.k8s.io/cluster-issuer: letsencrypt-prod certmanager.k8s.io/acme-challenge-type:

how to install a letsencrypt cert on ibm cloud?

阅读更多关于 how to install a letsencrypt cert on ibm cloud?

问题 I'm struggling to install a lets encrypt cert on IBM cloud to enable https access. I checked the cert using keytool and it includes all domains, and it seems valid. Right now i have two problems: https is only enabled on the root domain -> https://example.com but not on any of my subdomains including https://www.example.com the intermediate cert isnt delivered, which means some browsers wont accept it. I followed this tutorial https://www.ibm.com/blogs/bluemix/2014/09/ssl-certificates-bluemix

Traefik will issue certificate instead of Let's encrypt

阅读更多关于 Traefik will issue certificate instead of Let's encrypt

问题 I am trying to set up traefik along with this tutorial: https://www.digitalocean.com/community/tutorials/how-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04 Here's the traefik.toml I'm using: defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [web] address = ":8080" [web.auth.basic] users = [myuserandpw] [acme] email =

Letsencrypt with htaccess

阅读更多关于 Letsencrypt with htaccess

问题 This is my current htaccess configuration of /frontend/web RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME} [R,L] # if a directory or a file exists, use it directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # otherwise forward it to index.php RewriteRule . index.php I am trying to insert this: RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$ or RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known above RewriteRule ^.

How do I test a ClusterIssuer solver?

阅读更多关于 How do I test a ClusterIssuer solver?

问题 I'm attempting to deploy a Kubernetes cluster with an SSL certificate using LetsEncrypt on DigitalOcean. I followed these instructions, and everything works right up until the challenge order is created by the ClusterIssuer. Then I get this error: cert-manager/controller/orders "msg"="Failed to determine the list of Challenge resources needed for the Order" "error"="no configured challenge solvers can be used for this challenge" "resource_kind"="Order" "resource_name"="letsencrypt-prod-cert

how to install a letsencrypt cert on ibm cloud?

阅读更多关于 how to install a letsencrypt cert on ibm cloud?

I'm struggling to install a lets encrypt cert on IBM cloud to enable https access. I checked the cert using keytool and it includes all domains, and it seems valid. Right now i have two problems: https is only enabled on the root domain -> https://example.com but not on any of my subdomains including https://www.example.com the intermediate cert isnt delivered, which means some browsers wont accept it. I followed this tutorial https://www.ibm.com/blogs/bluemix/2014/09/ssl-certificates-bluemix-custom-domains/ unfortunately it's very old and most probably outdated. Does anyone know how to do