DOH! Network


Welcome to the DOH! Network — The Official Website of Johnny Leche.

Installing secure certificates with CertBot on Slackware...

  1. Download and install letsencrypt-0.9.3-x86_64-1_microlinux.txz on the server. I think this is the one I downloaded because I see I installed it right before I started doing all my CertBot commands.
       installpkg letsencrypt-0.9.3-x86_64-1_microlinux.txz
  2. Run CertBot.
       certbot certonly --manual --preferred-challenges=dns --email sample.email@provider.com
  3. CertBot asks you to 'enter the domain name(s) you would like on your certificate (comma and/or space separated)'. Enter your domain names.
       dohnetwork.com *.dohnetwork.com
  4. CertBot will return an ACME challenge to add to your domain's 'named' zone file.
       vi /var/named/<your domain>.com
  5. Add the challenge as a new row in your 'named' file, with the value from CertBot in double quotes.
       _acme-challenge    300    IN    TXT    "<value from CertBot>"
  6. Reload DNS.
       rndc reload
  7. CertBot includes a link to test your challenge on Google Apps Toolbox before continuing. Check there to make sure your challenge is working.
  8. If your challenge shows up on Google Apps, press 'Enter' to continue. If all went well, you will be shown the location of the certificate and key 'pem' files and some next steps for renewing your secure certificates in 90 days.
  9. Open your httpd.conf file.
       vi /etc/httpd/httpd.conf
  10. Search for any instances of 'ssl'. Press 'n' to move to the next instance.
       +/ssl
  11. Make sure these two lines are uncommented.
       LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
       Include /etc/httpd/extra/httpd-ssl.conf
  12. Open Apache's 'httpd-ssl.conf'.
       vi /etc/httpd/extra/httpd-ssl.conf
  13. Look for 'SSLCertificateFile'. There are two block instances. Mine used the second one. There should be examples. Update the path to the one CertBot gave you.
       +/SSLCertificateFile
       SSLCertificateFile '/etc/letsencrypt/live/dohnetwork.com/fullchain.pem'
  14. Do the same for the private key, which should be in the same area.
       SSLCertificateKeyFile '/etc/letsencrypt/live/dohnetwork.com/privkey.pem'
  15. Check your config, then restart.
       apachectl configtest
       apachectl restart
  16. To clean up, you can go back to step 5, remove the ACME challenge, and re-run step 6.

For some reason, subdomains are not working when secured. I tried setting up a certificate with the subdomains listed out but that didn't work either. Will look into that. How to automate it with a cron job coming soon.
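
The check in step 7 can also be run from the server itself with dig. The script below is an added example, not part of the original write-up: it confirms that every challenge value CertBot printed is published under _acme-challenge before you press 'Enter'. It assumes dig is installed and that each name requested in step 3 gets its own value under the same record name; the script name, sample values and the 127.0.0.1 nameserver address are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the challenge TXT
# records are published before pressing Enter in CertBot.

# Constructed sample of `dig +short TXT _acme-challenge.<domain>` output:
# two records under the same name, one per name requested in step 3.
SAMPLE_VALUE_1='-constructedSampleValueForTheBaseDomain0001'
SAMPLE_VALUE_2='constructedSampleValueForTheWildcardName002'
SAMPLE_DIG_OUTPUT="\"$SAMPLE_VALUE_1\"
\"$SAMPLE_VALUE_2\""

# Strip dig's quoting: one TXT value per line, multi-chunk values rejoined.
txt_values() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# missing_challenges DIG_OUTPUT VALUE...
# Prints every expected VALUE that is not published; returns 1 if any is missing.
missing_challenges() {
    published=$(printf '%s\n' "$1" | txt_values)
    shift
    rc=0
    for want in "$@"; do
        # -F fixed string, -x whole line; -- because values may start with '-'
        if ! printf '%s\n' "$published" | grep -Fqx -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# check_challenge DOMAIN NAMESERVER VALUE...
# Asks the named server directly, so a stale cached answer cannot hide a miss.
check_challenge() {
    domain=$1
    ns=$2
    shift 2
    out=$(dig +short TXT "_acme-challenge.$domain" "@$ns") || return 2
    missing_challenges "$out" "$@"
}

# Run only when called with arguments, e.g. (hypothetical script name):
#   sh check-challenge.sh dohnetwork.com 127.0.0.1 'value1' 'value2'
if [ "$#" -ge 3 ]; then
    check_challenge "$@"
fi
```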

Happy New Year from the DOH! Network to all of you who are still visiting the site. Started off the new year with the secure certificate expiring for the site, and the site I used now wants to charge for usage. Supposedly, you can still get secure certificates with CertBot and I am working on setting that up but need to add _acme-challenge to my DNS settings. I've tried adding it in a couple of places but apparently those are not the right places as it hasn't started working yet when I check https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.dohnetwork.com. The server may have just died as well, as I can't view this update on the news page.