From f47365c69badc98780a3ff1b71f19e261824cca3 Mon Sep 17 00:00:00 2001 From: Stefano Date: Sat, 23 Dec 2023 00:28:06 +0100 Subject: [PATCH 1/4] Update creating_ssl_certificates.md Made a separation of the documentation on CF's side. --- tutorials/creating_ssl_certificates.md | 27 ++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index c1c8656b6..bfbc1a1e1 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md 
@@ -97,15 +97,15 @@ systemctl restart wings ::: ::: tab "Method 2: acme.sh (using Cloudflare API)" -This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/Neilpang/acme.sh) for installation instructions. +This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/Neilpang/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://community.cloudflare.com/t/cannot-add-new-member-error-1005/421516) (Legacy). ``` bash curl https://get.acme.sh | sh ``` -### Obtaining CloudFlare API Key +### Obtaining CloudFlare API Key (Legacy) -After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudfare's website, select your domain, then on the right side, copy your "Zone ID" and "Account ID" then click on "Get your API token", click on "Create Token" > select the template "Edit zone DNS" > select the scope of "Zone Ressources" and then click on "Continue to summary", copy your token. +After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudfare's website, select your domain, then on the right side, copy your "Zone ID" and "Account ID" then click on "Get your API token", click on "Create Token" > select the template "Edit zone DNS" > select the scope of "Zone Resources" and then click on "Continue to summary", copy your token. ### Creating a Certificate 
@@ -121,10 +121,29 @@ After installing acme.sh and obtaining CloudFlare API key, we need to then gener export CF_Token="Your_CloudFlare_API_Key" export CF_Account_ID="Your_CloudFlare_Account_ID" export CF_Zone_ID="Your_CloudFlare_Zone_ID" +``` + + +### Obtaining CloudFlare API Key (Modern) + +After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudfare's website, click on your profile on the top right. Then go to "My Profile", on the left you will find "API Tokens". Click it and it'll bring you to [the api tokens page](https://dash.cloudflare.com/profile/api-tokens). Select "Create Token" and use the "Edit zone DNS" template. Then once on the next page, goto "Zone Resources" and "Include" - "Specific Zone" - (Select the domain you want to use). Then continue to the summery. Confirm you'd like to create the token. + +### Creating a Certificate + +Since the configuration file is based on Certbot, we need to create the folder manually. +```bash +sudo mkdir -p /etc/letsencrypt/live/example.com +``` + +After installing acme.sh and obtaining CloudFlare API key, we need to then generate a certificate. First input the CloudFlare API credentials. + +```bash +export CF_Key="Your_CloudFlare_API_Key" +export CF_Email="Your_CloudFlare_Email" ``` -Then create the certificate. +Then create the certificate. Since the API key is bound to the domain, Cloudflare should allow you to generate one. ```bash acme.sh --issue --dns dns_cf -d "example.com" --server letsencrypt \ From 22844b55e0e503387453b88a4f3000b535126c1d Mon Sep 17 00:00:00 2001 From: Rowan <37227235+rowansc1@users.noreply.github.com> Date: Sun, 29 Sep 2024 19:15:37 +0100 Subject: [PATCH 2/4] Changed acme's website. --- tutorials/creating_ssl_certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index bfbc1a1e1..7dbac954a 100644 --- a/tutorials/creating_ssl_certificates.md 
+++ b/tutorials/creating_ssl_certificates.md @@ -97,7 +97,7 @@ systemctl restart wings ::: ::: tab "Method 2: acme.sh (using Cloudflare API)" -This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/Neilpang/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://community.cloudflare.com/t/cannot-add-new-member-error-1005/421516) (Legacy). +This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/acmesh-official/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://community.cloudflare.com/t/cannot-add-new-member-error-1005/421516) (Legacy). ``` bash curl https://get.acme.sh | sh From e41113aaf5bed4d23f3b118a10e430e3bf7f8755 Mon Sep 17 00:00:00 2001 From: Rowan <37227235+rowansc1@users.noreply.github.com> Date: Sun, 29 Sep 2024 19:17:16 +0100 Subject: [PATCH 3/4] Changed legacy cloudflare API link to a more relevant one. --- tutorials/creating_ssl_certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index 7dbac954a..12aaff886 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md 
@@ -97,7 +97,7 @@ systemctl restart wings ::: ::: tab "Method 2: acme.sh (using Cloudflare API)" -This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/acmesh-official/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://community.cloudflare.com/t/cannot-add-new-member-error-1005/421516) (Legacy). +This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/acmesh-official/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://cloudflare.tv/event/ea8JJLgR) (Legacy). ``` bash curl https://get.acme.sh | sh From 783b0572d18ce52aa24ec9ffb4db40be7c41dedd Mon Sep 17 00:00:00 2001 From: Rowan <37227235+rowansc1@users.noreply.github.com> Date: Sun, 29 Sep 2024 19:20:26 +0100 Subject: [PATCH 4/4] Misc spelling & grammar --- tutorials/creating_ssl_certificates.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index 12aaff886..2196ea160 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md 
@@ -70,7 +70,7 @@ which provides more options, and is much more powerful than certbot. If you get an `Insecure Connection` or SSL/TLS related error when trying to access your panel or wings, the certificate has likely expired. This can be easily fixed by renewing the SSL certificate, although using the command `certbot renew` might not do the job if port 80 is in use, as it'll return errors like: `Error: Attempting to renew cert (domain) from /etc/letsencrypt/renew/domain.conf produced an unexpected error`. -This will happen especially if you're running Nginx instead of Apache. The solution for this is to use Nginx or Apache plugins with `--nginx` and `--apache`. Alternatively, you can stop Nginx, then renew the certificate, finally restart Nginx. Replace `nginx` with your own web server or with `wings` should you be renewing the certificate for Wings. +This will happen especially if you're running Nginx instead of Apache. The solution for this is to use Nginx or Apache plugins with `--nginx` and `--apache`. Alternatively, you can stop Nginx, then renew the certificate, and finally restart Nginx. Replace `nginx` with your own web server or with `wings` should you be renewing the certificate for Wings. Stop Nginx: @@ -84,7 +84,7 @@ Renew the certificate: certbot renew ``` -Once the process has complete, you can restart the Nginx service: +Once the process has completed, you can restart the Nginx service: ```bash systemctl start nginx 
@@ -97,7 +97,7 @@ systemctl restart wings ::: ::: tab "Method 2: acme.sh (using Cloudflare API)" -This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/acmesh-official/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but other's [have not](https://cloudflare.tv/event/ea8JJLgR) (Legacy). +This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check [acme.sh's official site](https://github.com/acmesh-official/acme.sh) for installation instructions. Make sure you read both instructions, as some people may have moved to CloudFlare's [new authorization system](https://blog.cloudflare.com/permissions-best-practices) (Modern), but others [have not](https://cloudflare.tv/event/ea8JJLgR) (Legacy). ``` bash curl https://get.acme.sh | sh @@ -115,7 +115,7 @@ Since the configuration file is based on Certbot, we need to create the folder m sudo mkdir -p /etc/letsencrypt/live/example.com ``` -After installing acme.sh and obtaining CloudFlare API key, we need to then generate a certificate. First input the CloudFlare API credentials. +After installing acme.sh and obtaining CloudFlare API key, we need to then generate a certificate. First, input the CloudFlare API credentials. ```bash export CF_Token="Your_CloudFlare_API_Key" 
@@ -126,7 +126,7 @@ export CF_Zone_ID="Your_CloudFlare_Zone_ID" ### Obtaining CloudFlare API Key (Modern) -After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudfare's website, click on your profile on the top right. Then go to "My Profile", on the left you will find "API Tokens". Click it and it'll bring you to [the api tokens page](https://dash.cloudflare.com/profile/api-tokens). Select "Create Token" and use the "Edit zone DNS" template. Then once on the next page, goto "Zone Resources" and "Include" - "Specific Zone" - (Select the domain you want to use). Then continue to the summery. Confirm you'd like to create the token. +After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudfare's website, click on your profile on the top right. Then go to "My Profile", on the left you will find "API Tokens". Click it and it'll bring you to [the API tokens page](https://dash.cloudflare.com/profile/api-tokens). Select "Create Token" and use the "Edit zone DNS" template. Then once on the next page, go to "Zone Resources" and "Include" - "Specific Zone" - (Select the domain you want to use). Then continue to the summary. Confirm you'd like to create the token. ### Creating a Certificate @@ -136,7 +136,7 @@ Since the configuration file is based on Certbot, we need to create the folder m sudo mkdir -p /etc/letsencrypt/live/example.com ``` -After installing acme.sh and obtaining CloudFlare API key, we need to then generate a certificate. First input the CloudFlare API credentials. +After installing acme.sh and obtaining the CloudFlare API key, we need to then generate a certificate. First, input the CloudFlare API credentials. ```bash export CF_Key="Your_CloudFlare_API_Key" 
@@ -153,7 +153,7 @@ acme.sh --issue --dns dns_cf -d "example.com" --server letsencrypt \ ### Auto Renewal -After running the script for the first time, it will be added to the crontab automatically. You may edit the auto renewal interval by editing the crontab. +After running the script for the first time, it will be added to the crontab automatically. You may edit the auto-renewal interval by editing the crontab. ```bash sudo crontab -e
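
Review bot: In [PATCH 1/4], hunk `@@ -97,15 +97,15 @@`, the added sentence asks readers to "read both instructions" but gives no way to tell whether an account is on the Modern or the Legacy path, and the section renamed to "(Legacy)" still walks through "Create Token" with the "Edit zone DNS" template, which is the same kind of token the Modern section creates. Suggest one sentence stating the observable difference between the two paths (for example, where in the dashboard the token page is reached from), so the labels can be acted on.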
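
Review bot: In [PATCH 1/4], hunk `@@ -121,10 +121,29 @@`, the Modern section has the reader create a zone-scoped token from the "Edit zone DNS" template and then export it as `CF_Key` together with `CF_Email`. acme.sh's `dns_cf` hook reads that pair as the account-wide Global API Key and the account e-mail; a scoped API token is passed in `CF_Token` (with `CF_Account_ID` or `CF_Zone_ID`), as the Legacy block directly above does. As written, the scoped token will not authenticate in `CF_Key`, and the likely workaround is pasting the Global API Key, which grants far more than DNS edit on one zone. Suggest exporting `CF_Token` here as well, or stating explicitly that this block expects the Global API Key. The hunk also adds a second "### Creating a Certificate" heading and repeats the `mkdir` step, so the rendered page gets two identical headings; sharing one "Creating a Certificate" section after both key sections would avoid that.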
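
Review bot: In [PATCH 2/4], the paragraph whose link is corrected is followed directly by `curl https://get.acme.sh | sh`, which executes a remote script without the reader seeing it, on a host that is about to hold DNS API credentials. Since the link now points at the maintained repository, suggest adding a line noting that the script can be downloaded and read before it is run, or that the repository's documented install steps can be followed instead.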
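
Review bot: In [PATCH 4/4], hunk `@@ -115,7 +115,7 @@`, the Legacy sentence keeps "obtaining CloudFlare API key" while the otherwise identical Modern sentence in hunk `@@ -136,7 +136,7 @@` is changed to "obtaining the CloudFlare API key". Suggest adding the article in both so the two sections stay word-for-word aligned.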
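
Review bot: In [PATCH 4/4], hunk `@@ -126,7 +126,7 @@`, the rewritten line fixes "goto", "summery" and "api" but still begins "On Cloudfare's website", and the page mixes "CloudFlare" and "Cloudflare" elsewhere in the same section. Since this commit is the spelling pass, suggest correcting it to "Cloudflare's" here and in the matching Legacy paragraph, and settling on one capitalization.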