From ce6a45b42d99cdf919b1482811a24d55361f62f0 Mon Sep 17 00:00:00 2001 From: Kasra Bigdeli Date: Sat, 17 Aug 2024 21:23:28 -0700 Subject: [PATCH] Update certbot-config.md --- docs/certbot-config.md | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/docs/certbot-config.md b/docs/certbot-config.md index 79b3aae..3392bd7 100644 --- a/docs/certbot-config.md +++ b/docs/certbot-config.md @@ -8,11 +8,13 @@ sidebar_label: Certbot Overrides ### NOTE: Most (almost all) users do not need to modify Certbot configs. CapRover automatically manages it for you. You should skip this page! +
+ ## Customize Certbot command to use DNS-01 challenge As of CapRover 1.12.0, you're able to customize the command that Certbot uses to generate SSL certificates. By default, CapRover uses the following command: ```bash -certbot certonly --webroot -w ${webroot} -d ${domainName}' +certbot certonly --webroot -w ${webroot} -d ${domainName} ``` which works via HTTP-01 challenge. In this mode, Certbot will verify the ownership of your domain by sending a request to `http:///.well-known/acme-challenge/` where the content of is generated by Certbot. @@ -22,7 +24,7 @@ This challenge works fine for most users, but you can optionally use a different The default Certbot Docker image does not include the [3rd party plugins](https://hub.docker.com/r/certbot/certbot). You need to build a custom image: For example, for Cloudflare: -``` +```Dockerfile # Change this to any other base image listed here: https://hub.docker.com/r/certbot/certbot BASE_IMAGE="certbot/dns-cloudflare" @@ -43,17 +45,17 @@ mkdir /captain/data/letencrypt/etc/captain-files nano mycreds.ini ``` Then enter your DNS credentials. For example, for Cloudflare DNS, you can use: -```ini +```text # Cloudflare API token used by Certbot dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567 ``` See details [here](https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins) -### Override the Certbot command +### 3) Override the Certbot command Edit `/captain/data/config-override.json` by running: -``` +```bash nano /captain/data/config-override.json ``` @@ -72,16 +74,21 @@ Then enter the following blob. Make sure to replace `your/repo:certbot-sleeping` } ``` -### Restart CapRover +### 4) Restart CapRover -``` +```bash docker service update captain-captain --force ``` +Now, when you ask CapRover to generate an SSL certificate, it uses the DNS challenge. + +
+
+
## Configure Certbot to use a new ACME Server -### First step +### 1) Create config file Normally, the directory `/captain/data/letsencrypt/etc` should contain the volume used by Certbot, to configure Certbot, add a `cli.ini` file in this directory: @@ -90,7 +97,7 @@ $ cd /captain/data/letsencrypt/etc/ $ nano cli.ini ``` -### Configure the right things +### 2) Configure the values We will take as an example ZeroSSL's ACME server to guide you over the steps needed to make Certbot work correctly with it, @@ -107,7 +114,7 @@ eab-kid = some-short-string eab-hmac-key = a-big-key ``` -### Restart certbot +### 3) Restart Certbot Then to apply our changes we need to update Certbot's service: ``` @@ -116,7 +123,7 @@ $ docker service update captain-certbot And you're done ! -### CAA Record +### 4) CAA Record Remember to add a CAA record in your DNS to avoid any problem when generating SSL certs