Comments (2)
Thanks for the suggestion @bari86
A few points of clarification, also per our Discord discussion:
Firstly, SlickStack is HTTPS-only meaning that HSTS is hardcoded in our Nginx configuration and any HTTP requests are force redirected to the HTTPS version of the website too. Port 80 is enabled only for the Nginx "catch all" server block.
Next is that there should be no need to disable the Cloudflare proxy during Certbot verification... the way SlickStack installs Nginx defaults to using self-signed OpenSSL certificates. Even if you choose Let's Encrypt in ss-config it will still install OpenSSL to Nginx temporarily, to allow Certbot to verify the domain via self-signed HTTPS (this is for brand new installations only... for sites already loading fine over SSL there's less to worry about).
The Certbot webroot verification works fine, as per my ongoing tests. However, on brand new SlickStack servers, for some reason the ss-install needs to be run twice in order for Certbot to verify the domain... I'm not sure why (yet), but I suspect it's something to do with IPv6 and/or Cloudflare.
Lastly, SlickStack defaults to using DNS verification for Certbot when WP Multisite is enabled in ss-config... we did this to avoid scenarios in Multisite networks such as customers coming and going, messing up their domain settings, file permissions and security issues with shared public root folders, and such. We were also planning on trying to get wildcard support working and multi-domain verification, but for now it seems to be too difficult to address.
I provide this background for Googlers and to explain that yes, we can consider supporting DNS verification for normal (single site) SlickStack servers, but it shouldn't be "necessary" per se.
from slickstack.
Here's a DNS solution with the acme.sh client and Cloudflare API:
We started playing with the acme client (we even have a bash script for it already) but never got around to testing it... I'm not sure how many options we want to maintain in SlickStack for Let's Encrypt.