1openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Read MoreGet it via chat to Comodo, one would pop-up from https://support.comodo.com/index.php?/Knowledgebase/Article/View/1145/1/how-do-i-make-my-own-bundle-file-from-crt-files. Make sure you edit your profile where they could send the information.
Read More1sudo add-apt-repository ppa:certbot/certbot 2sudo apt-get update 3sudo apt-get install python-certbot-apache 4sudo certbot --apache -d one.example.com -d two.example.com If the above don't work, try this: 1sudo apt-get update 2sudo apt-get install software-properties-common 3sudo add-apt-repository universe 4sudo …
Read MoreIn cases where you don't want to disrupt current production server, this is a good approach 1mkdir /opt/letsencrypt 2cd /opt/letsencrypt 3wget https://dl.eff.org/certbot-auto 4chmod a+x certbot-auto 5sudo ./certbot-auto --apache certonly Sample run as follows: 1[root@687elmp01 letsencrypt]# sudo ./certbot-auto --apache …
Read More1openssl req -new -newkey rsa:2048 -nodes -out this.example.com.csr -keyout this.example.com.key -subj "/C=PH/ST=Cebu/L=Cebu/O=Example Organization Cebu/OU=IT Department/CN=this.example.com" What to use in the "-subj' as per https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one C …
Read More1certbot --apache -d sub1.example.com -d sub2.example.com --agree-tos -m you@example.com --redirect If you're on nginx, use --nginx
Read MoreGenerate dhparam.pem 1openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 Create /etc/nginx/conf.d/perfect-forward-secrecy.conf since all *.conf in /etc/nginx/conf.d: 1ssl_protocols TLSv1.2; 2ssl_prefer_server_ciphers on; 3ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 …
Read More