20 lines
609 B
Markdown
20 lines
609 B
Markdown
|
|
|
|
To obtain a DNS verified certificate for the websockert server:
|
|
|
|
certbot certonly -d w02.wrede.ca -d ws.wrede.ca --dns-rfc2136 --dns-rfc2136-credentials /usr/local/etc/letsencrypt/certbot_dns_rfc2136.ini --dns-rfc2136-propagation-seconds 10
|
|
|
|
and the rfc2136.ini file looks like:
|
|
|
|
# Target DNS server
|
|
dns_rfc2136_server = 192.168.196.248
|
|
# Target DNS port
|
|
dns_rfc2136_port = 53
|
|
# TSIG key name
|
|
dns_rfc2136_name = tsig-key
|
|
# TSIG key secret
|
|
dns_rfc2136_secret = 1KsWP8ZkZxBDKS0RQ2n3bkz1xpVPtz3Tk1y3r/dF+4knwGBzscse8iewaEr/6jUtxaL1taGME6eqSDtV2SD8NQ==
|
|
# TSIG key algorithm
|
|
dns_rfc2136_algorithm = HMAC-SHA512
|
|
|