https://miguelangel.torresegea.es/wiki/ 2026-04-22T17:46:06+00:00 https://miguelangel.torresegea.es/wiki/ https://miguelangel.torresegea.es/wiki/_media/wiki:dokuwiki-128.png text/html 2026-02-02T10:06:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/web:security:letsencrypt:dns?rev=1770026779&do=diff Let's Encrypt (renovación DNS) Para poder renovar los certificados a través DNS, hace falta usar un servicio que permita acceder a los registros DNS via API (o delegar el registro CNAME en uno que lo permita). preparativos * descargar el script encargado de modificar el registro text/html 2019-11-27T23:34:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/web:security:letsencrypt:k0.vividumcodex.com?rev=1574897663&do=diff let's encrypt k0.vividumcodex.com resumen * montado sobre 2 contenedores diferentes * nginx * certbot scripts docker run \ -it \ --name nginx \ --rm \ -p 80:80 \ -v ${PWD}/data/nginx/conf.d:/etc/nginx/conf.d \ -v ${PWD}/data/nginx/www:/var/www/html \ -v ${PWD}/data/certbot/conf:/etc/letsencrypt \ -v ${PWD}/data/certbot/www:/var/www/certbot \ nginx:1.15-alpine text/html 2020-03-02T08:21:51+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/web:security:letsencrypt:multidominio?rev=1583137311&do=diff Let's Encrypt multidominio #!/bin/bash COMMON_NAME=${1:-"landing.fidmag.org"} COMMON_ALT_NAME=${COMMON_NAME//./_} [[ ! -z ${COMMON_NAME} ]] && { echo -e "Creating letsencrypt directory...\n" mkdir -p /etc/letsencrypt/live/${COMMON_NAME} #openssl genrsa 4096 > account.key echo -e "Generating .key & .csr for domain...\n" openssl genrsa 4096 > domain_${COMMON_ALT_NAME}.key openssl req -new -sha256 -key domain_${COMMON_ALT_NAME}.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/ope… text/html 2019-02-26T22:58:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/web:security:letsencrypt:seedbox.torresegea.es?rev=1551221929&do=diff let's encrypt seedbox.torresegea.es para próximas * probar método automático: certbot-auto renew * OK, renueva certificados (pero no los actualiza en los directorios correspondientes) -> está en CRON * añadida entrada en sudo visudo para que no solicite password de sudo al ejecutarse text/html 2025-12-29T11:56:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/web:security:letsencrypt:wildcard?rev=1767009360&do=diff Let's Encrypt wildcard info * <https://www.jesusamieiro.com/generar-un-certificado-ssl-wildcard-con-lets-encrypt/> * <https://www.whatsmydns.net/> * <https://dnschecker.org/#TXT/_acme-challenge.fidmag.org> * <https://mxtoolbox.com/SuperTool.aspx?action=txt%3a_acme-challenge.example.com&run=toolpage#> * <https://redeslinux.net/guia-completa-pfsense-con-ddns-de-cloudflare-certificados-lets-encrypt-y-haproxy-para-proxy-inverso-y-balanceo-de-carga-de-servicios/> * <https://discour…