# โšก SSL Certificate Cheatsheet ## ๐Ÿš€ Quick Start ### Installation in 3 Commands ```bash sudo make install sudo nano /etc/letsencrypt/regru_config.json # Fill in data sudo make test-cert # Test ``` --- ## ๐Ÿงช Testing (NO Let's Encrypt Limits) ```bash # Create test certificate (unlimited) sudo make test-cert # Check status sudo make status # View logs sudo make logs ``` **When to use:** - โš ๏ธ Let's Encrypt: max 5 certificates/week - โœ… Test: UNLIMITED - โšก Creation: 1-2 seconds vs 2-5 minutes --- ## ๐Ÿ”’ Production (Let's Encrypt) ```bash # Get real certificate sudo make obtain # Automatic mode (check + renewal) sudo make run # Force renewal sudo make renew ``` --- ## ๐Ÿ“‹ Main Commands | Command | Description | Limits | |---------|-------------|--------| | `make test-cert` | Test certificate | โœ… None | | `make obtain` | New Let's Encrypt | โš ๏ธ 5/week | | `make renew` | Renew existing | โš ๏ธ 5/week | | `make run` | Auto mode | โš ๏ธ 5/week | | `make status` | System status | - | | `make logs` | Show logs | - | | `make check-config` | Check configuration | - | --- ## ๐Ÿ“ Configuration ### Minimal (testing) ```json { "domain": "test.example.com", "wildcard": true, "cert_dir": "/etc/letsencrypt/live" } ``` ### Full (production + NPM) ```json { "regru_username": "myuser", "regru_password": "mypassword", "domain": "example.com", "wildcard": true, "email": "admin@example.com", "renewal_days": 30, "npm_enabled": true, "npm_host": "https://npm.example.com", "npm_email": "admin@example.com", "npm_password": "npm_password" } ``` --- ## ๐Ÿ”„ Workflow ### Development โ†’ Production ```bash # 1. Development (test certificates) sudo make test-cert # Create test # Test application... # 2. Production (Let's Encrypt) sudo rm -rf /etc/letsencrypt/live/example.com/ # Remove test sudo make obtain # Create production ``` --- ## ๐Ÿ“ Important Paths ```bash # Configuration /etc/letsencrypt/regru_config.json # Certificates /etc/letsencrypt/live/example.com/ โ”œโ”€โ”€ privkey.pem # Private key โ”œโ”€โ”€ cert.pem # Certificate โ”œโ”€โ”€ fullchain.pem # Full chain (for nginx) โ””โ”€โ”€ chain.pem # CA chain # Scripts /opt/letsencrypt-regru/letsencrypt_regru_api.py # Logs /var/log/letsencrypt_regru.log ``` --- ## ๐Ÿ” Verification ```bash # Check configuration sudo make check-config # Check certificate openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout # Check expiration date openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -dates # Check systemd sudo systemctl status letsencrypt-regru.timer sudo systemctl list-timers letsencrypt-regru.timer # Check cron sudo crontab -l | grep letsencrypt ``` --- ## ๐Ÿ› Debugging ```bash # Detailed logs sudo make logs # Test run with details sudo python3 /opt/letsencrypt-regru/letsencrypt_regru_api.py \ -c /etc/letsencrypt/regru_config.json --check -v # Certbot logs sudo tail -f /var/log/letsencrypt/letsencrypt.log # Systemd logs sudo journalctl -u letsencrypt-regru.service -f ``` --- ## โš ๏ธ Common Errors ### Let's Encrypt: Rate limit exceeded ```bash # SOLUTION: Use test certificates sudo make test-cert ``` ### NPM: Certificate not found ```bash # SOLUTION: Check NPM settings sudo make check-config # Check connection curl -k https://npm.example.com ``` ### Permission denied ```bash # SOLUTION: Run with sudo sudo make test-cert ``` --- ## ๐ŸŽฏ Use Case Scenarios ### Local Development ```bash sudo make test-cert # Open https://localhost (ignore warning) ``` ### CI/CD Testing ```bash # In pipeline sudo make test-cert # Run tests... sudo make status ``` ### Staging Environment ```bash sudo make test-cert # Or sudo make obtain # If domain available ``` ### Production Environment ```bash sudo make install sudo make obtain # Automatic renewal via cron/systemd ``` --- ## ๐Ÿ“š Documentation - **README.md** - Complete guide (1420+ lines) - **TESTING_GUIDE.md** - Testing guide (370+ lines) - **PROJECT_STRUCTURE.md** - Project structure - **CHEATSHEET.md** - This cheatsheet --- ## ๐Ÿ†˜ Quick Help ```bash # Show all commands make help # Check installation sudo make status # Complete reinstall sudo make uninstall sudo make install ``` --- ## ๐Ÿ’ก Tips 1. **Always start with test certificates** - avoid limits 2. **Check configuration** - `make check-config` 3. **Monitor logs** - `make logs` 4. **Automate** - systemd/cron already configured 5. **Keep backups** of configuration --- **Version**: 2.1 **Updated**: 27.10.2025