Using Let’s Encrypt Wildcard SSL Cert

Let's Encrypt has finally announced official support for wildcard certificates.

Apply

Run command on your VPS:

~/certbot-auto certonly \
  -d dallas.lu \
  -d '*.ngrok.dallas.lu' \
  -d '*.dallas.lu' \
  -d other.com \
  -d '*.other.com' \
  --manual \
  --preferred-challenges dns \
  --server https://acme-v02.api.letsencrypt.org/directory

Use --cert-name to set the cert name; otherwise the domain name after the first '-d' param is used as the cert name.

IP logged notice

The IP of the requesting machine will be logged, but it will not be public for now. If you are worried about exposing an important IP on the VPS, you can modify the config files in /etc/sysconfig/network-scripts and restart the network service to change your IP temporarily. Type 'Y' to continue.

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

DNS TXT records

Add a TXT record.

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.dallas.lu with the following value:

QQxHqbXK2aWM8qRWpAyenXo2QotSejV_ERnnc6MUEqU

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

TIP: if you want root.com and *.root.com verified in the same cert, add a '-d' param for each domain, for example: '-d dallas.lu -d *.dallas.lu'. You also need to add multiple TXT records. Use 'nslookup' to verify:

nslookup
> set type=txt
> _acme-challenge.dallas.lu
Server:		8.8.8.8
Address:	8.8.8.8#53
 
Non-authoritative answer:
_acme-challenge.dallas.lu text = "I6Tys5RebMhWaBxN1e4fBaBj2OF7jUPl92tdDtfKjao"
_acme-challenge.dallas.lu text = "QQxHqbXK2aWM8qRWpAyenXo2QotSejV_ERnnc6MUEqU"
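
The "verify the record is deployed" step as an added example (not part of the original post, and not certbot's own code): a shell helper that reports which expected challenge values are still missing, checked against each authoritative nameserver rather than a public resolver. The function names and the ZONE/RECORD argument order are assumptions of this example; `missing_tokens` accepts both `dig +short` lines and the nslookup-style lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# manual DNS-01 step. Function names and argument order are assumptions.

# missing_tokens TOKEN... < dns_answers
# Reads TXT answers on stdin, either `dig +short TXT` lines ("value") or
# nslookup lines (name text = "value"), and prints every expected token
# that is absent. Exit status is 0 only when all tokens are present.
missing_tokens() (
    # Keep only the text between the last pair of double quotes on each line.
    answers=$(sed -n 's/.*"\([^"]*\)".*/\1/p')
    rc=0
    for token in "$@"; do
        # -F literal, -x whole line: a partial or padded value does not count.
        if ! printf '%s\n' "$answers" | grep -Fxq -- "$token"; then
            printf '%s\n' "$token"
            rc=1
        fi
    done
    return "$rc"
)

# check_acme_txt ZONE RECORD TOKEN...
# Asks each authoritative nameserver of ZONE directly, so a cached answer
# from a public resolver cannot hide a server that lacks a value.
check_acme_txt() (
    zone=$1 record=$2; shift 2
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 1; }
    rc=0
    for ns in $servers; do
        missing=$(dig +short TXT "$record" "@$ns" | missing_tokens "$@") || {
            echo "$ns is missing: $missing" >&2
            rc=1
        }
    done
    return "$rc"
)

# Usage with the two values from the post (root + wildcard share one name):
#   check_acme_txt dallas.lu _acme-challenge.dallas.lu \
#       I6Tys5RebMhWaBxN1e4fBaBj2OF7jUPl92tdDtfKjao \
#       QQxHqbXK2aWM8qRWpAyenXo2QotSejV_ERnnc6MUEqU
```

Press Enter at the certbot prompt only once `check_acme_txt` exits 0 for every challenge name.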

Cert

After verification:

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dallas.lu/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dallas.lu/privkey.pem
Your cert will expire on 2018-06-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

We won't cover configuring SSL certs here. If some domains fail to verify, just run the command again. The values of the TXT records will not change once verified.

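The Highly Cost-Effective 欧诺 VPS

In fact, this blog and the other sites I started on a whim are all being run at high cost. In the spirit of tinkering, I started out with cheap virtual hosting, then bought shared hosting and cheap VPSes, and by now I have actually used VPSes from several providers. I have been using the 欧诺 VPS for about three months now, and so far it is still worth recommending.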


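Getting a Refund from Flipper Host

A month ago I bought Flipper Host's Basic plan to set up a VPN server. After a while I found it completely useless, so to avoid paying for the next month I promptly cancelled this VPS product on the Flipper Host website. But I forgot to cancel the recurring payment in PayPal, and today I received a text message saying I had been charged another 3.2 US dollars; I immediately realized what had happened. Although my impression is that overseas hosting providers are fairly easy to deal with, this was my first time asking for a refund from a provider where I had not heard of anyone else successfully getting one, so I was a little nervous.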
