Добавлено подробное руководство по тестированию SSL-сертификатов и скрипты автоматизации.
Some checks failed
Sync from Gitea / sync (push) Has been cancelled
Some checks failed
Sync from Gitea / sync (push) Has been cancelled
- Добавлено подробное руководство по тестированию SSL-сертификатов с использованием самоподписанных сертификатов. - Добавлены инструкции по созданию тестовых сертификатов с помощью Makefile, Python и Bash-скриптов. - Добавлены сравнение методов и подробные инструкции по настройке, проверке и использованию в Nginx. - Задокументированы этапы перехода от тестовых сертификатов к рабочим. - Создано руководство по получению сертификатов Let's Encrypt с DNS-запросом для провайдера reg.ru. - Разработано подробное руководство по настройке использования глобального SSL-сертификата в Nginx Proxy Manager. - Предоставлены инструкции по созданию и обновлению wildcard-сертификатов в Nginx Proxy Manager. - Добавлены скрипты автоматизации для создания и обновления SSL-сертификатов с помощью API reg.ru. - Реализованы Git-хуки для Gitea для синхронизации изменений с GitHub после отправки. - Улучшено логирование и обработка ошибок в Git-хуках для улучшения мониторинга и устранения неполадок.
This commit is contained in:
Dmitriy Fofanov
86
docs/SSL_Certificate_Creation_and_Renewal_EN.md
Normal file
86
docs/SSL_Certificate_Creation_and_Renewal_EN.md
Normal file
@@ -0,0 +1,86 @@
|
||||
# Guide to Creating Wildcard Certificate *.dfv24.com in Nginx Proxy Manager and Configuring Automatic SSL Renewal
|
||||
|
||||
---
|
||||
|
||||
## Step 1. Preparation
|
||||
|
||||
- Ensure Nginx Proxy Manager (NPM) is installed and accessible at http://192.168.10.14:81/
|
||||
- You have access to DNS records for dfv24.com domain in reg.ru control panel or another registrar
|
||||
|
||||
---
|
||||
|
||||
## Step 2. Creating Wildcard SSL Certificate in Nginx Proxy Manager
|
||||
|
||||
1. Log in to Nginx Proxy Manager admin panel at http://192.168.10.14:81/
|
||||
|
||||
2. Navigate to **SSL Certificates** → click **Add SSL Certificate** button
|
||||
|
||||
3. Select **Let's Encrypt**
|
||||
|
||||
4. Fill in the fields:
|
||||
- **Domain Names:**
|
||||
Enter `*.dfv24.com` — for wildcard certificate
|
||||
Also recommended to add main domain `dfv24.com` (comma-separated or in new field)
|
||||
- **Email Address:**
|
||||
Specify your Email for Let's Encrypt notifications (required)
|
||||
- **HTTP Challenge:**
|
||||
Leave HTTP verification if NPM is accessible from internet on ports 80 and 443, or configure DNS Challenge if supported by your DNS
|
||||
|
||||
5. Check "Agree to the Let's Encrypt Terms of Service"
|
||||
|
||||
6. Click **Save**
|
||||
|
||||
- NPM will begin certificate obtaining process with domain verification.
|
||||
- Upon successful certificate request, you'll see new certificate in the list.
|
||||
|
||||
---
|
||||
|
||||
## Step 3. Configuring Automatic Renewal
|
||||
|
||||
- Nginx Proxy Manager automatically handles Let's Encrypt certificate renewal.
|
||||
- For this, server must be accessible from internet on ports 80 and 443, and DNS records must correctly point to your server.
|
||||
- NPM periodically (usually 30 days before expiration) requests certificate renewal.
|
||||
- When using DNS Challenge, NPM must have DNS provider integration configured (if supported).
|
||||
|
||||
---
|
||||
|
||||
## Step 4. Using Wildcard Certificate in Proxy Hosts
|
||||
|
||||
1. Go to **Proxy Hosts** → Create or edit proxy entry
|
||||
|
||||
2. In **Domain Names** field, specify needed subdomain from dfv24.com, for example:
|
||||
`api.dfv24.com` or `www.dfv24.com`
|
||||
|
||||
3. In **SSL** section, select your wildcard certificate `*.dfv24.com` that you obtained in Step 2
|
||||
|
||||
4. Enable options:
|
||||
- Use SSL
|
||||
- Force SSL
|
||||
- HSTS (if needed)
|
||||
|
||||
5. Save changes.
|
||||
|
||||
---
|
||||
|
||||
## Step 5. Verification
|
||||
|
||||
1. Verify that all subdomains use the same certificate
|
||||
2. Visit https://api.dfv24.com or other subdomains from browser
|
||||
3. Ensure certificate is valid, not expired, and issued for *.dfv24.com
|
||||
4. Check certificate renewal status in SSL Certificates section
|
||||
|
||||
---
|
||||
|
||||
## Additional Information
|
||||
|
||||
- If Let's Encrypt cannot perform HTTP Challenge due to closed port, configure DNS Challenge (may require DNS provider API key)
|
||||
- For security and notifications, keep Email up to date
|
||||
- Check Nginx Proxy Manager logs to identify renewal errors
|
||||
|
||||
---
|
||||
|
||||
# Summary
|
||||
|
||||
Nginx Proxy Manager allows easy obtaining and automatic renewal of wildcard SSL certificates for *.dfv24.com domain using Let's Encrypt.
|
||||
Main requirements — properly configured DNS records and internet access on HTTP/HTTPS ports.
|
||||
Then use one global certificate for all your subdomains through Proxy Hosts settings.
|
||||
Reference in New Issue
Block a user