Using ZeroSSL with CapRover #1515
fu-sen started this conversation in Show and tell
Replies: 1 comment
ZeroSSL always sends expiration notices by email for each certificate. This happens even if the certificate has already been renewed.
This is for environments that have problems using Let's Encrypt. The problem would be rate limiting.
Unless you're having trouble using Let's Encrypt, don't do this!
I have experience issuing ZeroSSL with Caddy and acme.sh. So I tried issuing ZeroSSL to CapRover as well.
How to use ZeroSSL with CapRover is mentioned in Configure Certbot to use a new ACME Server.
However, this alone failed to issue a ZeroSSL certificate, so I needed a supplement here.
First, you need to issue EAB (External Account Binding) credentials:
ZeroSSL website - Developer - "Generate" in EAB Credentials for ACME Clients
Put it in a text editor and save the file once.
The following commands require root privileges. Therefore:
One more caveat. It is `letencrypt`, not `letsencrypt` (there is no `s`! This is also discussed in other discussions and issues).
`cli.ini` is as described. ZeroSSL requires all items.
`eab-kid` and `eab-hmac-key` should have been issued earlier on the ZeroSSL website.
A reboot is required after that.
Browse to Your CapRover's "NGINX Configurations".
This can be found in "captain-root.conf" in "Settings" and "HTTPS configs" in "Apps" respectively.
"captain-root.conf" in "Settings"
Please find the following location.
Add this below.
"HTTPS configs" in "Apps"
Each app that uses https requires a change. Please find the following location.
This file exists in 2 places.
After this add the following to each.
Ready. Now click `Enable HTTPS`. Please wait a moment to confirm that the certificate has been issued. It's ZeroSSL!
To quickly check, create any new App and enable HTTPS for it.
ZeroSSL takes longer to issue than Let's Encrypt. Please wait without panic.
When it times out, the process is still in progress! After waiting a little longer, refresh the App page and you should see HTTPS enabled.
If it has not been issued, the ZeroSSL server may be malfunctioning, so please wait a while and try issuing it again.
All subsequent issuances will be ZeroSSL.
certbot will keep existing certificates up to 30 days before they expire. After the update we will issue ZeroSSL.
Revert to issuing Let's Encrypt
If ZeroSSL is issued successfully, it will be maintained until 30 days before expiration.
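Added example, not part of the original post and not CapRover's or certbot's own code: a pre-flight check for the `cli.ini` described in the post, run before clicking `Enable HTTPS`. It flags the `letsencrypt` directory typo, empty or missing settings, and a file mode that exposes the EAB HMAC key. The required-key list (certbot's `server` option plus the two EAB keys named in the post), the mode-600 expectation, the simplified `key = value` parsing and all sample values are assumptions.

```python
import os
import stat
import tempfile

# Assumed key list: certbot's `server` option plus the two EAB keys from the post.
REQUIRED_KEYS = ("server", "eab-kid", "eab-hmac-key")


def parse_cli_ini(text):
    """Parse flat `key = value` lines (no section headers), skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        key, sep, value = line.partition("=")
        settings[key.strip()] = value.strip() if sep else ""
    return settings


def check_cli_ini(path):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    if "letsencrypt" in os.path.normpath(path).split(os.sep):
        problems.append("path uses 'letsencrypt'; CapRover's directory is 'letencrypt'")
    with open(path, encoding="utf-8") as fh:
        settings = parse_cli_ini(fh.read())
    for key in REQUIRED_KEYS:
        if not settings.get(key):
            problems.append(f"missing or empty setting: {key}")
    # The HMAC key is a credential: flag any group/other permission bits.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} exposes eab-hmac-key; use 600")
    return problems


def demo():
    """Run the check on a constructed file with placeholder credentials."""
    sample = (
        "server = https://acme.example.invalid/directory\n"  # placeholder URL
        "eab-kid = EXAMPLE_KID\n"
        "eab-hmac-key =\n"  # left empty on purpose
    )
    path = os.path.join(tempfile.mkdtemp(), "letsencrypt", "cli.ini")
    os.makedirs(os.path.dirname(path))
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(sample)
    os.chmod(path, 0o644)  # deliberately too permissive
    return check_cli_ini(path)
```

Calling `demo()` returns three findings for the constructed file: the misspelled directory, the empty `eab-hmac-key`, and mode 644.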