We need a Bionic and a Focal system for that reachable from the Internet
with a DNS name.
I have created those test systems temporarily on canonistack (an
internal openstack service)
These notes are mostly for myself to re-do it once things land in proposed,
but also illustrate for everyone how this can be done.
# get Focal
$ openstack server create --key-name paelzer_canonistack-bos01 --flavor cpu2-ram2-disk10 --image 3eee21dc-0862-4181-b2cc-7ece13651edf bos01-amd64-certbot-focal
$ openstack floating ip create net_external
$ openstack server add floating ip bos01-amd64-certbot-focal <IP>
# get Bionic
$ openstack server create --key-name paelzer_canonistack-bos01 --flavor cpu2-ram2-disk10 --image dffafdf1-8a98-4b7a-9809-6f9d406da38f bos01-amd64-certbot-bionic
$ openstack floating ip create net_external
$ openstack server add floating ip bos01-amd64-certbot-bionic <IP>
# open for 80/443
$ openstack security group rule create --dst-port 80 --protocol tcp default
$ openstack security group rule create --dst-port 443 --protocol tcp default
# I had no free DNS service at hand, but domains left
# So I created two DNS names for those two public IPs that I had
# Not sharing this here though to keep my api key safe :-)
# I ended up with cb-test-focal.dd-dns.de / cb-test-focal.dd-dns.de which I
# can re-use for this and then will drop.
# get certbot (I'll use apache for testing)
$ sudo apt install python3-certbot python3-certbot-apache
# Get an ACMEv2 cert (current default)
$ sudo certbot --apache
# go along the questions and use the DNS you have set up
# modify the server endpoint to v1 manually
# thanks Brad for the suggestion
$ sudo sed -i -e 's/acme-v02/acme-v01/g' /etc/letsencrypt/renewal/*
# renew Cert (will try to use the patched v1 server)
$ sudo certbot renew --force-renewal
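
Added example, not part of the original notes: a way to confirm which ACME endpoint each renewal config points at before and after the sed step, so the forced renewal is known to hit the v1 server. The function names, the RENEWAL_DIR default and the sample config are assumptions made for illustration; the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example: inspect and rewrite the ACME endpoint in certbot renewal configs.
# Function names are hypothetical; the default directory is the one used in the notes.
RENEWAL_DIR="${RENEWAL_DIR:-/etc/letsencrypt/renewal}"

# Print "<lineage> <server-url>" for every renewal config in a directory.
list_acme_servers() {
    local dir="${1:-$RENEWAL_DIR}" f url
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        url="$(sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*//p' "$f")"
        if [ -n "$url" ]; then
            echo "$(basename "$f" .conf) $url"
        fi
    done
}

# Same substitution as the sed in the notes, but restricted to the
# "server =" line so comments and other values are left untouched.
switch_to_v1() {
    local dir="${1:-$RENEWAL_DIR}"
    sed -i -e '/^[[:space:]]*server[[:space:]]*=/ s/acme-v02/acme-v01/' "$dir"/*.conf
}

# Build a throwaway directory with a constructed renewal config for a dry run.
make_sample() {
    local dir
    dir="$(mktemp -d)"
    cat > "$dir/example.test.conf" <<'EOF'
# constructed sample, cert originally issued via acme-v02
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/example.test
[renewalparams]
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory
EOF
    echo "$dir"
}

# Typical use as root on the test system:
#   list_acme_servers; switch_to_v1; list_acme_servers
```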