§2023-07-02

  1. Get an SSL certificate with certbot
$ sudo certbot certonly --standalone -d h2jammy.yushei.net 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for h2jammy.yushei.net

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/h2jammy.yushei.net/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/h2jammy.yushei.net/privkey.pem
This certificate expires on 2023-09-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - -
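  1. Copy the certificate and key into /etc/caddy
$ sudo cp /etc/letsencrypt/live/h2jammy.yushei.net/fullchain.pem /etc/caddy/fullchain.pem
$ sudo cp /etc/letsencrypt/live/h2jammy.yushei.net/privkey.pem /etc/caddy/privkey.pem
# a+r makes the private key readable by every local user, not only by Caddy
$ sudo chmod a+r /etc/caddy/privkey.pem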
  1. Edit the Caddyfile as follows:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

h2jammy.yushei.net {
        # ssl certificate from certbot
        # tls /etc/letsencrypt/live/h2jammy.yushei.net/fullchain.pem /etc/letsencrypt/live/h2jammy.yushei.net/privkey.pem
        tls /etc/caddy/fullchain.pem /etc/caddy/privkey.pem

        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
  1. Restart Caddy (systemctl restart caddy) and check the site over HTTPS
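
The copies in /etc/caddy are not refreshed when certbot renews the certificate, and chmod a+r leaves the private key readable by every local account. The following is an added example, not part of the original notes: a certbot deploy hook that re-copies the renewed pair with tight permissions and restarts Caddy. The hook file name, the "caddy" group and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumed location:
#   /etc/letsencrypt/renewal-hooks/deploy/caddy-copy.sh (file name is hypothetical)
# certbot runs deploy hooks after a successful renewal and sets RENEWED_LINEAGE
# to the live/<name> directory of the renewed certificate.

# world_readable FILE: succeeds if "other" has the read bit (what chmod a+r sets).
world_readable() {
    case $(ls -ld "$1" 2>/dev/null | cut -c8) in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# install_cert_pair SRC_DIR DEST_DIR [GROUP]
# Copies fullchain.pem (0644) and privkey.pem into DEST_DIR. With GROUP the key
# is 0640 and group-owned by GROUP; without it the key is 0600 for the caller.
install_cert_pair() {
    src=$1 dest=$2 group=${3:-}
    [ -r "$src/fullchain.pem" ] && [ -r "$src/privkey.pem" ] || return 1
    if [ -n "$group" ]; then
        install -m 0644 "$src/fullchain.pem" "$dest/fullchain.pem" &&
        install -m 0640 -g "$group" "$src/privkey.pem" "$dest/privkey.pem"
    else
        install -m 0644 "$src/fullchain.pem" "$dest/fullchain.pem" &&
        install -m 0600 "$src/privkey.pem" "$dest/privkey.pem"
    fi || return 1
    # Refuse to report success if the key ended up readable by everyone.
    if world_readable "$dest/privkey.pem"; then return 1; fi
    return 0
}

# Hook body: only runs when certbot invoked us (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # "caddy" as the service's group is an assumption; check your package.
    install_cert_pair "$RENEWED_LINEAGE" /etc/caddy caddy &&
        systemctl restart caddy
fi
```

The hook file must be executable for certbot to run it.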

On Arch Linux

  1. Install certbot with snap

$ sudo certbot certonly --standalone -d ornagepi5.yushei.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): alexlai@munetaka.me

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for ornagepi5.yushei.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: ornagepi5.yushei.net
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for ornagepi5.yushei.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for ornagepi5.yushei.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.