pterodactyl/documentation
1
0
Fork 0
mirror of https://github.com/pterodactyl/documentation.git synced 2025-12-11 14:00:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update creating_ssl_certificates.md

Browse Source
This commit is contained in:
Lance Pioch 2020-03-11 15:28:20 -04:00 committed by GitHub
parent f3aa1f87e8
commit dd1ddb7d70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
tutorials/creating_ssl_certificates.md
View File

@ -1,5 +1,5 @@
# Creating SSL Certificates
This tutorial briefly covers creating new SSL certificates for your panel and daemon using LetsEncrypt™.
This tutorial briefly covers creating new SSL certificates for your panel and daemon.
## Method 1: Using Certbot
To begin, we will be installing certbot, a simple script that will automatically renew our certificates and allow much
@ -37,7 +37,7 @@ which provides more options (see below), and is much more powerful than certbot.
certbot renew
```
## Troubleshooting
### Troubleshooting
If you get an `Insecure Connection` or related error when trying to access your panel, it is likely that the SSL certificate has expired.
This can be easily fixed by renewing the SSL certificate, although using the command `certbot renew` won't do the job. As it'll give a error like: `Error: Attempting to renew cert (domain) from /etc/letsencrypt/renew/domain.conf produced an unexpected error`.
This will happen especially if you're running NGINX instead of Apache. The solution for this is to stop NGINX, then renew the certificate, finally restart NGINX.
@ -56,3 +56,42 @@ Once the process has complete, you can restart the NGINX service:
```bash
systemctl start nginx
```
## Method 2: Using acme.sh (Cloudflare)
### Using acme.sh
This is for advanced users, of which their server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/Neilpang/acme.sh) for installation instructions.
``` bash
curl https://get.acme.sh | sh
```
### Obtaining CloudFlare API Key
After installing acme.sh, we need to fetch a CloudFlare API key. Please make sure that a DNS record (A or CNAME record) is pointing to your target node, and set the cloud to grey (bypassing CloudFlare proxy). Then go to My Profile > API keys and on Glocal API Key subtab, click on "view", enter your CloudFlare password, and copy the API key to clipboard.
### Creating a Certificate
Since the configuration file is based on Certbot, we need to create the folder manually.
```bash
sudo mkdir /etc/letsencrypt/live/example.com
```
After installing certbot and obtaining CloudFlare API key, we need to then generate a certificate. First input the CloudFlare API credentials.
```bash
export CF_Key="Your_CloudFlare_API_Key"
export CF_Email="Your_CloudFlare_Account@example.com"
```
Then create the certificate.
```bash
acme.sh --issue --standalone -d "example.com" --dns dns_cf \
--key-file /etc/letsencrypt/live/example.com/privkey.pem \
--fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem
```
### Auto Renewal
After running the script for the first time, it will be added to the crontab automatically. You may edit the auto renewal interval by editing the crontab.
```bash
sudo crontab -e
```