violet_rails
Namecheap DNS with AWS hosting docs
Flushing your DNS cache makes testing these changes quicker. On the latest version of macOS the command is:
sudo killall -HUP mDNSResponder
research
- set up wildcard domain: https://www.namecheap.com/support/knowledgebase/article.aspx/597/2237/how-can-i-set-up-a-catchall-wildcard-subdomain/
A record with Host = * and Value = IP address
- since Namecheap does not allow multiple TXT records delineated by "" (like AWS Route 53), we have to set up the wildcard domain with Let's Encrypt a different way: https://medium.com/@cubxi/add-wildcard-lets-encrypt-certifications-with-namecheap-6a466df0886f
Note that this does not allow for accessing your site on the apex domain, e.g. yoursite.com will not work, but www.yoursite.com (or *.yoursite.com) will work.
EDIT: Namecheap allows duplicate TXT records (https://community.letsencrypt.org/t/wildcard-txt-limitation/80426)
To revisit at a later date
nslookup -type=TXT _acme-challenge.yoursite.com
- Let's Encrypt certificate save path
ubuntu@ip-172-31-44-85:~$ sudo certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d "*.yourdomain.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for yoursite.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.yoursite.com with the following value:
6n8ergsergsgzscQaAKulpqTdWDgh-bGkgnUU
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yoursite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yoursite.com/privkey.pem
Your cert will expire on 2022-11-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
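
The certbot prompt above asks you to verify the TXT record is deployed before pressing Enter. One way to script that check, as an added example that is not part of the original docs: it assumes `dig` is installed, and the function names `txt_missing` and `wait_for_txt`, the retry count and the sleep interval are made up for illustration. It takes several tokens because requesting the apex and the wildcard name together puts two TXT values under the same `_acme-challenge` name.

```shell
#!/bin/sh
# Added example: confirm every ACME dns-01 token is visible in DNS before
# continuing at certbot's "Press Enter to Continue" prompt.

# txt_missing TOKEN...
# Reads `dig +short TXT` output on stdin and prints each expected token that
# is NOT published. Returns 0 only when nothing is missing.
txt_missing() {
  _missing=0
  # dig wraps each TXT value in double quotes; strip them (and any CRs).
  _records=$(tr -d '"\r')
  for _tok in "$@"; do
    # -F literal, -x whole-line match (no partial hits); `--` because
    # base64url tokens may begin with "-".
    if ! printf '%s\n' "$_records" | grep -Fxq -- "$_tok"; then
      printf '%s\n' "$_tok"
      _missing=1
    fi
  done
  return "$_missing"
}

# wait_for_txt NAME TOKEN...
# Polls NAME until all tokens are published, or gives up after 10 tries.
wait_for_txt() {
  _name=$1
  shift
  _try=0
  while [ "$_try" -lt 10 ]; do          # 10 tries: assumed, tune as needed
    if dig +short TXT "$_name" | txt_missing "$@" >/dev/null; then
      echo "all $# token(s) published under $_name"
      return 0
    fi
    _try=$((_try + 1))
    sleep 30                             # 30 s between polls: assumed
  done
  echo "still missing under $_name:" >&2
  dig +short TXT "$_name" | txt_missing "$@" >&2
  return 1
}

# Usage, with the values certbot printed for each -d name (placeholders):
#   wait_for_txt _acme-challenge.yoursite.com "$WILDCARD_TOKEN" "$APEX_TOKEN"
```

Run `wait_for_txt` in a second terminal while certbot is paused at the prompt, and press Enter only once it reports all tokens published.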