- Added a detailed guide to testing SSL certificates using self-signed certificates.
- Added instructions for creating test certificates with a Makefile, Python, and Bash scripts.
- Added a comparison of methods and detailed instructions for setup, verification, and use in Nginx.
- Documented the steps for moving from test certificates to production ones.
- Created a guide to obtaining Let's Encrypt certificates with a DNS challenge for the reg.ru provider.
- Developed a detailed guide to configuring the use of a global SSL certificate in Nginx Proxy Manager.
- Provided instructions for creating and renewing wildcard certificates in Nginx Proxy Manager.
- Added automation scripts for creating and renewing SSL certificates using the reg.ru API.
- Implemented Git hooks for Gitea to synchronize changes with GitHub after a push.
- Improved logging and error handling in the Git hooks for better monitoring and troubleshooting.
Guide to Creating Wildcard Certificate *.dfv24.com in Nginx Proxy Manager and Configuring Automatic SSL Renewal
Step 1. Preparation
- Ensure Nginx Proxy Manager (NPM) is installed and accessible at http://192.168.10.14:81/
- Ensure you have access to the DNS records for the dfv24.com domain in the reg.ru control panel or at another registrar
Step 2. Creating Wildcard SSL Certificate in Nginx Proxy Manager
- Log in to the Nginx Proxy Manager admin panel at http://192.168.10.14:81/
- Navigate to SSL Certificates → click the Add SSL Certificate button
- Select Let's Encrypt
- Fill in the fields:
  - Domain Names: enter *.dfv24.com for the wildcard certificate. It is also recommended to add the main domain dfv24.com (comma-separated or in a new field).
  - Email Address: specify your email for Let's Encrypt notifications (required).
  - HTTP Challenge: leave HTTP verification if NPM is accessible from the internet on ports 80 and 443, or configure DNS Challenge if supported by your DNS.
- Check "Agree to the Let's Encrypt Terms of Service"
- Click Save
- NPM will begin obtaining the certificate, including domain verification.
- After a successful certificate request, the new certificate appears in the list.
Step 3. Configuring Automatic Renewal
- Nginx Proxy Manager automatically handles Let's Encrypt certificate renewal.
- For this, the server must be accessible from the internet on ports 80 and 443, and the DNS records must correctly point to your server.
- NPM periodically (usually 30 days before expiration) requests certificate renewal.
- When using DNS Challenge, NPM must have the DNS provider integration configured (if supported).
Step 4. Using Wildcard Certificate in Proxy Hosts
- Go to Proxy Hosts → create or edit a proxy entry
- In the Domain Names field, specify the needed subdomain of dfv24.com, for example: api.dfv24.com or www.dfv24.com
- In the SSL section, select the wildcard certificate *.dfv24.com that you obtained in Step 2
- Enable options:
  - Use SSL
  - Force SSL
  - HSTS (if needed)
- Save changes.
Step 5. Verification
- Verify that all subdomains use the same certificate
- Visit https://api.dfv24.com or other subdomains in a browser
- Ensure the certificate is valid, not expired, and issued for *.dfv24.com
- Check the certificate renewal status in the SSL Certificates section
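The Step 5 checks can also be scripted. The Python below is an added example, not part of the original guide: it compares the certificate served on each hostname, applies the one-label wildcard rule (under which *.dfv24.com does not cover the bare dfv24.com that Step 2 adds separately), and flags certificates close to expiry. The 14-day alert threshold and the host list are assumptions.

```python
import hashlib
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5):
    """Return (parsed cert, SHA-256 fingerprint) served for `host`."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeercert(), hashlib.sha256(der).hexdigest()

def san_covers(san, host):
    """A wildcard SAN matches exactly one left-most label (RFC 6125)."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return san == host

def check_cert(cert, host, now=None, min_days=14):
    """Return a list of problems for `host`; an empty list means OK.
    min_days is an assumed threshold, below NPM's usual 30-day renewal."""
    now = time.time() if now is None else now
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_covers(s, host) for s in sans):
        problems.append(f"{host}: not covered by SANs {sans}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        problems.append(f"{host}: certificate expired")
    elif days_left < min_days:
        problems.append(f"{host}: {days_left:.0f} days left, renewal overdue")
    return problems

def audit(hosts):
    """Check every host and confirm they all serve the same certificate."""
    problems, fingerprints = [], set()
    for host in hosts:
        cert, fingerprint = fetch_cert(host)
        fingerprints.add(fingerprint)
        problems += check_cert(cert, host)
    if len(fingerprints) > 1:
        problems.append("hosts present different certificates")
    return problems

if __name__ == "__main__":
    # Host list assumed from the examples in this guide.
    print(audit(["dfv24.com", "api.dfv24.com", "www.dfv24.com"]) or "all OK")
```

A non-empty result from a scheduled run is also an early signal of the renewal errors that would otherwise only show up in the NPM logs.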
Additional Information
- If Let's Encrypt cannot perform the HTTP Challenge because a port is closed, configure DNS Challenge (may require a DNS provider API key)
- For security and notifications, keep the email address up to date
- Check the Nginx Proxy Manager logs to identify renewal errors
Summary
Nginx Proxy Manager makes it easy to obtain and automatically renew wildcard SSL certificates for the *.dfv24.com domain using Let's Encrypt.
The main requirements are properly configured DNS records and internet access on the HTTP/HTTPS ports.
You can then use one global certificate for all your subdomains through the Proxy Hosts settings.