Certbot Notes

certbot debian

Once my hosting provider got hacked and shut down, I had to move my blog from there to...somewhere. So why not experiment on the ol' VPS? (Well, other than the fact that I'll probably get hacked next...)

I remember approximately 0% of setting this up last time, other than the fact that it failed to renew at one point and then I had to do something to fix that. I thought I jotted all this down somewhere, but I couldn't find anything anywhere.

I'll write up a separate post about actually moving the blog, but getting www.chrisweber.com to (1) serve up anything from the VPS and (2) have a valid certificate would be considered successful at this point.

So...let's start by looking at someothersubdomain.chrisweber.com. I know that works and serves up an SSL version of a boring index.html page.

There we go, I find my www root dir and there is www/someothersubdomain. Add www/www (ooh fancy). Now I need to get nginx to serve this thing up. Long story short, I was looking for /etc/nginx/sites-available/. Copy the slice config into a new www, set up a symlink in sites-enabled and we're getting closer. I'd like to claim that I know what I'm doing, but mostly I just search for 'someothersubdomain' in there and change it to 'www' and then attempt to restart the nginx service to see if it works. When it doesn't, look at the errors and see what it's complaining about. There are some comments in there about things managed by Certbot, which is also good. Eventually, we're up and running with a www.chrisweber.com serving up a unique index.html page that confirms it's working. And Firefox is complaining about the certificate, which is also expected at this point.

I'm not even sure what to google here. So I google 'certbot' and 'Lets Encrypt' and it looks like certbot is the tool that runs on Linux to deploy Let's Encrypt certificates. (At this point, if you are not me, you are realizing how truly bad I am at this.) Ok, let's see how to add a subdomain. Hmmm, lots of results there...not sure how I did this last time so I don't know which approach to take here... Look at all the nginx config files, they all seem to point to the same thing... Let's just look at what I have so far...googly googly goo...here's some magic:

sudo certbot certificates

There we go. One certificate to rule them all. Ok, now I'm looking for some black magic to add subdomains to this certificate. Here's the magic. I have a 50/50 shot on --expand vs --cert-name. Cert-name guy seems like he knows what he's talking about, so that's what we're going to try.

certbot --cert-name mycertname.chrisweber.com -d chrisweber.com -d www.chrisweber.com -d someothersubdomain.chrisweber.com -d you.chrisweber.com -d get.chrisweber.com -d theidea.chrisweber.com

I don't know if I should be putting all the various subdomains into a single certificate or not. I suppose that's a question for another day.
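With --cert-name, the -d list becomes the certificate's full set of names, so an existing name left off the command is dropped at reissue. The script below is an added example, not from the original post: it reads `certbot certificates` output, builds the command with the existing names plus the new ones, and reports names a hand-written list would drop. The function names and the example.com sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (placeholder names).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com blog.example.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: other.example.net
    Domains: other.example.net
EOF
}

# cert_domains NAME: read a `certbot certificates` listing on stdin and
# print the names on the certificate called NAME, one per line.
cert_domains() {
    awk -v want="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == want { for (i = 2; i <= NF; i++) print $i }
    '
}

# build_cmd NAME NEW...: read the listing on stdin and print a certbot
# command that keeps every existing name and appends the NEW ones.
build_cmd() {
    name=$1; shift
    existing=$(cert_domains "$name")
    [ -n "$existing" ] || { echo "no certificate named $name" >&2; return 1; }
    # Existing names first, then new ones; awk drops blanks and duplicates.
    { printf '%s\n' "$existing"; printf '%s\n' "$@"; } |
        awk -v name="$name" 'NF && !seen[$0]++ { args = args " -d " $0 }
            END { print "certbot --cert-name " name args }'
}

# dropped_domains NAME LISTED...: read the listing on stdin and print each
# existing name that is missing from LISTED (it would leave the certificate).
dropped_domains() {
    name=$1; shift
    listed=$(printf '%s\n' "$@")
    cert_domains "$name" | while read -r d; do
        printf '%s\n' "$listed" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
}

# Demo on the sample; on a real host pipe in `sudo certbot certificates`.
sample_output | build_cmd example.com www.example.com
```

Review the printed command before running it, then check the result with `sudo certbot certificates`.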
