Generating SSL/TLS certificates via DNS Challenge
- Sudhamsh Kandukuri
- Gurpreet Luthra
- Sruti Sridhar
- Sravanthi N. S. CH.
(Feb-2023) YouTube Training video on how to set up SSL Certificates for Bahmni:
Generating certificates can be achieved in two ways:
- Manual
- Automated
Manual
Please follow the steps mentioned below to generate the certificates manually:
Install acme.sh
curl https://get.acme.sh | sh
DNS manual mode
acme.sh --issue --dns -d aa.com -d www.aa.com
Please make sure that you get an output like the one below:
Add the following txt record:
Domain:_acme-challenge.aa.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.aa.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.
After adding the TXT records to your DNS zone and waiting for them to take effect, rerun acme.sh with the --renew argument:
acme.sh --renew -d aa.com
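Before rerunning with --renew, it is worth confirming that every authoritative nameserver for the zone already serves the TXT value acme.sh printed, because a resolver cache can hide a record that has not propagated yet. The script below is an added example, not part of acme.sh or of the original page; the function names are hypothetical and it assumes dig is installed.

```shell
#!/bin/sh
# Added example: check that the _acme-challenge TXT record is published
# before rerunning acme.sh --renew. Function names are hypothetical.

# Read `dig +short TXT` output on stdin; succeed if any record equals $1.
# dig prints TXT data inside double quotes, so the quotes are stripped.
# `--` is needed because base64url values may begin with "-".
# Matching any line also covers two values at the same name, as happens
# when aa.com and *.aa.com are validated together.
txt_matches() {
    expected=$1
    tr -d '"' | grep -Fxq -- "$expected"
}

# Ask each authoritative nameserver directly.
# $1 = zone, $2 = record name, $3 = TXT value printed by acme.sh
check_propagation() {
    zone=$1; name=$2; expected=$3
    failed=0; seen=0
    for ns in $(dig +short NS "$zone"); do
        seen=1
        if dig +short TXT "$name" "@$ns" | txt_matches "$expected"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            failed=1
        fi
    done
    # No NS answer at all is a failure, not a silent success.
    if [ "$seen" -ne 1 ]; then
        echo "no nameservers found for $zone" >&2
        return 1
    fi
    return "$failed"
}

# Usage, with the sample values from the output above:
#   check_propagation aa.com _acme-challenge.aa.com \
#       9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c \
#     && acme.sh --renew -d aa.com
```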
Automated
Lego can be used to automate the process of generating certificates. Currently it comes with multiple optional DNS providers.
1. Download the latest version of lego from releases
2. Install golang from https://golang.org/doc/install
3. Obtain a certificate using the DNS challenge and AWS Route 53
AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run
For other ways to obtain a certificate in the step above, refer to DNS providers
The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)