Generating SSL/TLS certificates via DNS Challenge

(Feb-2023) YouTube training video on how to set up SSL certificates for Bahmni:

 

Certificates can be generated in two ways:

  • Manual

  • Automated

Manual 

Follow the steps below to generate the certificates manually:

Install acme.sh

curl https://get.acme.sh | sh

DNS manual mode

 

acme.sh --issue --dns -d aa.com -d www.aa.com

Please make sure that you get an output like the one below:

Add the following txt record:
Domain:_acme-challenge.aa.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.aa.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

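Add the TXT records shown in the output to the DNS zone of each domain and wait for them to take effect. Then rerun acme.sh with the --renew argument: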

acme.sh --renew -d aa.com
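To confirm that the TXT records are visible before the rerun above, the following added example (not part of the original page or of acme.sh) parses saved acme.sh output and looks up each record with dig. The function names, the LOOKUP and RESOLVER variables, the 1.1.1.1 default resolver and the issue.log file name are assumptions of this example.

```shell
# Added example: confirm the _acme-challenge TXT records are visible in DNS
# before rerunning acme.sh with --renew. Names and defaults are assumptions.
# Usage: acme.sh --issue --dns -d aa.com -d www.aa.com | tee issue.log
#        check_challenges < issue.log && acme.sh --renew -d aa.com

# Turn saved acme.sh output into "record-name value" pairs, one per line.
# Accepts both the "Domain:name" and the quoted "Domain: 'name'" styles.
parse_challenges() {
    tr -d "'\r" | awk '
        { low = tolower($0) }
        low ~ /domain:/    { sub(/.*[Dd]omain:[ \t]*/, ""); name = $1 }
        low ~ /txt value:/ { sub(/.*[Tt][Xx][Tt] value:[ \t]*/, "")
                             if (name != "") print name, $1
                             name = "" }
    '
}

# Succeed if stdin (dig +short TXT output) has a record exactly equal to $1.
# Exact match matters: a stale value from an earlier attempt must not pass.
txt_present() {
    tr -d '"' | grep -Fxq -- "$1"
}

# Default lookup: ask a public resolver (assumed default, override RESOLVER).
lookup_txt() {
    dig +short TXT "$1" "@${RESOLVER:-1.1.1.1}"
}

# stdin = acme.sh output. Returns 0 only when every requested record is seen,
# 1 when at least one is missing, 2 when no challenge could be parsed.
check_challenges() {
    missing=0
    pairs=$(parse_challenges)
    [ -n "$pairs" ] || { echo "no challenges found in input" >&2; return 2; }
    while read -r name value; do
        if ${LOOKUP:-lookup_txt} "$name" </dev/null | txt_present "$value"; then
            echo "OK       $name"
        else
            echo "MISSING  $name"
            missing=1
        fi
    done <<EOF
$pairs
EOF
    return $missing
}
```

A record that a public resolver already returns may still be cached differently elsewhere, so a pass here is a necessary check rather than a guarantee that validation will succeed.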

 

Automated

Lego can be used to automate certificate generation. It currently ships with support for multiple optional DNS providers.

1. Download the latest version from the releases page: https://github.com/xenolf/lego/releases

 

2. Install golang from https://golang.org/doc/install

 

3. Obtain a certificate using the DNS challenge and AWS Route 53

AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run

For other ways to obtain a certificate in the step above, refer to DNS providers.

 

 

 

 

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)