Difference between pages "TipOfTheDay" and "FreeCA Certs"

From TheBestLinux.com
(Difference between pages)
Jump to navigation Jump to search
 
 
Line 1: Line 1:
= '''Tip of the Day''' =
+
'''Here is some info for free CA certificates:'''
<br />
 
* May 28, 2021
 
'''The Issue:'''
 
<pre style="color:blue">
 
/etc/resolv.conf - Why do my DNS lookups not work, or sometimes seem to work, and other times don't.
 
</pre>
 
 
<br />
 
<br />
  
Today's tip of the day is something I just figured out, after having it bug me for many years, and only just now confirming the resolution!
+
[https://en.wikipedia.org/wiki/CAcert.org Certificate Authority Wiki]
 
<br /><br />
 
<br /><br />
  
Unfortunately, '''Network Manager''' often creates a new /etc/resolv.conf file with the "search" statement preceding the "nameserver" statement(s)This causes intermittent DNS lookup failures, especially on the local network!  This has caused me years of frustration, so my hopes are this will help others avoid my past frustration! :-)
+
I LOVE & use Let's Encrypt, Google's free SSL certificate authority and server and it's certificate renewal utility CertbotHere's an example of the command to use to renew your SSL certificate for use on an NginX webserver:
 
<br /><br />
 
<br /><br />
 
+
<pre style="colore:blue">
Here is an example of what '''Network Manager''' can create, causing my local DNS queries on my own internal BIND9 DNS VM servers to fail:
+
[root@wiki.linuxjamie.com:~]# certbot --nginx --redirect --agree-tos --no-eff-email -d wiki.linuxjamie.com -m jamie@linuxjamie.com
<pre style="color:blue">
 
# Generated by NetworkManager
 
search dawgland.com
 
nameserver 192.168.200.103
 
nameserver 192.168.200.104
 
nameserver 4.2.2.4
 
 
 
 
</pre>
 
</pre>
<br />
 
 
Through trial and error using multiple machines(VM's actually) with multiple distros of Linux, both Red Hat and Debian based, I discovered that the order of the statements within the /etc/resolv.conf file make a HUGE differnce!
 
 
<br /><br />
 
<br /><br />
 
+
Here's an example crontab entry to automate your Let's Encrypt SSL certificate renewal on a regular basis so it never expires:
'''The Solution:'''
 
 
<br />
 
<br />
The nameserver statements MUST come before the "search" statement!!!  Such as this example:
 
 
<pre style="color:blue">
 
<pre style="color:blue">
# /etc/resolv.conf - Created manually on 05-28-2021
+
[root@www.thebestlinux.com:/usr/share/nginx/html]# crontab -l
nameserver 192.168.200.103
+
0 2 * * * certbot renew --quiet
nameserver 192.168.200.104
 
nameserver 4.2.2.4
 
search dawgland.com
 
 
 
 
</pre>
 
</pre>
 
<br />
 
 
The changes take effect immediatelly, without the need to reboot or restart any services. I hope you found this tip of the day useful!
 
 
<br /><br />
 
<br /><br />

Revision as of 05:02, 15 December 2022

Here is some info for free CA certificates:

Certificate Authority Wiki

I LOVE & use Let's Encrypt, Google's free SSL certificate authority and server and it's certificate renewal utility Certbot! Here's an example of the command to use to renew your SSL certificate for use on an NginX webserver: 

[root@wiki.linuxjamie.com:~]# certbot --nginx --redirect --agree-tos --no-eff-email -d wiki.linuxjamie.com -m jamie@linuxjamie.com



Here's an example crontab entry to automate your Let's Encrypt SSL certificate renewal on a regular basis so it never expires: 

[root@www.thebestlinux.com:/usr/share/nginx/html]# crontab -l
0 2 * * * certbot renew --quiet



Retrieved from "https://thebestlinux.com/index.php?title=TipOfTheDay&oldid=1190"