To generate dhparam.pem, run
|
1 2 |
cd /etc/ssl/ openssl dhparam -out dhparam.pem 4096 |
To add dhparam in Nginx, add
|
1 |
ssl_dhparam /etc/ssl/dhparam.pem; |
See SSL […]
Enable SSL for a site in EasyEngine
To enable LetsEncrypt SSL for a web site hosted in EasyEngine server, run
|
1 |
ee site update SITE_NAME_HERE --ssl=le |
Example See EasyEngine […]
Install LetsEncrypt in CentOS 7
certbot deprecated support for CentOS 7, so new version of certbot-auto script won’t work on CentOS 7. To install certbot (letsencrypt command line tool), run
|
1 2 |
yum install -y epel-release yum install -y python2-certbot.noarch |
To run it, use command
|
1 |
/usr/bin/certbot-2 |
See LetsEncrypt […]
Change Email address of LetsEncrypt SSL
To change email address of LetsEncrypt SSL certficate account, run
|
1 |
certbot update_account --email you@your-domain.com |
See LetsEncrypt […]
View SSL certficate Details
To view certificate details
|
1 |
openssl x509 -text -noout -in SSL_FILE.crt |
For web server
|
1 |
openssl s_client -showcerts -connect serverok.in:443 |
Or
|
1 |
curl -vI https://serverok.in |
IMAP via SSL
|
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:993 -servername mail.yourdomain.com |
POP3 via SSL
|
1 |
openssl s_client -showcerts -connect mail.example.com:995 -servername mail.yourdomain.com |
SMTP via SSL
|
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:465 -servername mail.yourdomain.com |
SMTP via TLS/StartTLS
|
1 |
openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com |
See SSL […]
Delete LetsEncrypt SSL certficate
To list all available LetsEncrypt SSL certficates, run
|
1 |
certbot certificates |
To delete a certificate, run
|
1 |
certbot delete --cert-name NAME_OF_SSL_CERT |
You can find NAME_OF_SSL_CERT from command “certbot certificates”. See LetsEncrypt […]
Remove SSL private key password
To remove password from SSL private key, run
|
1 |
openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key |
This will ask for password. Once you enter password, key get saved with out password. […]
Convert SSL certificate into PFX format
To convert SSL certficiate into PFX format, run
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt |
Example for SSL from namecheap/ssls
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle |
[…]
Purchase SSL
Here are some cheap SSL providers https://www.sslforfree.com/ https://zerossl.com https://www.ssls.com/ https://www.gogetssl.com https://www.namecheap.com/security/ssl-certificates/comodo/ See SSL […]
Nginx Proxy SSL Verification
When using Nginx as reverse proxy, you may need to handle SSL verification request. Passing this request to backend server may not do any good as back end servers normally only handle application. To hanlde SSL validation request, use following Nginx Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
server { listen 80; server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN; location ^~ /.well-known/acme-challenge/ { root /var/www/html; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.1.2.1:4200; } } |
Now restart Nginx
|
1 |
service nginx restart |
You can get SSL with following letsencrypt command […]