Differences

This shows you the differences between two versions of the page.

blocks:server:nginx [2025-09-15 12:14] – [Acquire Let's Encypt certificates using DNS-01 challenge] mattias
blocks:server:nginx [2025-09-17 06:41] (current) – [Using Local Wifi] mattias
Line 51: Line 51:
 Make sure to keep the space  after //server_name// as well as the semicolon after the domain name. Save the result by pressing ctrl-O followed by the Enter key, then exit the //nano// editor by ctrl-X.  Make sure to keep the space  after //server_name// as well as the semicolon after the domain name. Save the result by pressing ctrl-O followed by the Enter key, then exit the //nano// editor by ctrl-X. 
  
-Make sure you've set good, strong passwords on all your Blocks users. Finally, while still as the //root// user, run the following commands, pressing enter after each. The first of these commands checks your new nginx configuration for errors. Pay close attention to any error messages that may appear. +Make sure you've set good, strong passwords on all your Blocks users
 +Before thenext step, test if certbot has the potential to work by visiting [[https://letsdebug.net/]]. This is a pretest/debugger to make sure everything seem to work with the certbot HTTP-01 challenge. Finally, while still as the //root// user, run the following commands, pressing enter after each. The first of these commands checks your new nginx configuration for errors. Pay close attention to any error messages that may appear. 
  
 <code> <code>
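Review bot: the right-hand version splits the old paragraph but drops the period after "Blocks users", and the added sentence carries two typos: "thenext" should be "the next" and "everything seem to work" should be "everything seems to work". It would also help the reader to say what the letsdebug.net pretest is for: it is a third-party check run from the public internet against the domain you entered in //server_name//, so a failure there points at DNS or inbound reachability for the HTTP-01 challenge, not at the nginx configuration that the following commands test. Suggested wording: "Before the next step, check that certbot can reach your server by entering your domain at [[https://letsdebug.net/]]. This pretest verifies that the HTTP-01 challenge can succeed."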
Line 99: Line 100:
   - You must provide internet access to your visitors through your local wifi. This is required both to expedite the wifi connection (many phones will hesitate to connect to a wifi that doesn't have internet access) and to access the DNS.   - You must provide internet access to your visitors through your local wifi. This is required both to expedite the wifi connection (many phones will hesitate to connect to a wifi that doesn't have internet access) and to access the DNS.
   - Your DNS entry must point to the IP address of your intranet Blocks server, now (hopefully) accessible through your wifi. That means that any attempts to access it from the internet will fail (since it's only available while on the in-house wifi). An "official" DNS entry is required since many smartphones and browsers use some form of "secure DNS", such as [[https://en.wikipedia.org/wiki/DNS_over_HTTPS|DNS over HTTPS]], and will ignore any in-house DNS.   - Your DNS entry must point to the IP address of your intranet Blocks server, now (hopefully) accessible through your wifi. That means that any attempts to access it from the internet will fail (since it's only available while on the in-house wifi). An "official" DNS entry is required since many smartphones and browsers use some form of "secure DNS", such as [[https://en.wikipedia.org/wiki/DNS_over_HTTPS|DNS over HTTPS]], and will ignore any in-house DNS.
-  - You can't use the automatic "certbot" method mentioned above to obtain a certificate. You must instead use a more complicated DNS-based method. +  - You can't use the automatic "certbot" method mentioned above to obtain a certificate. [[blocks:server:nginx:dns01_challenge|You must instead use a more complicated DNS-based method]]
  
-====Acquire Let's Encypt certificates using DNS-01 challenge==== 
  
-This outlines the principle steps to set up automatic certificate renewals on an internal server. 
-For this to work the server must have internet access. Digital ocean will be used as example here but the same principles apply to many major dns providers.. 
-Make sure you have a blocks system that works over http before attempting to att secure content over https. 
- 
-For DNS-01 challange to work on must use a DNS provider that has api access and a plugin that can make use of that api and work with the Let's Encypts cerbot.  E.g, Digital Ocean, Cloudflare, GoDaddy and many others providers has plugins or methods for this. 
- 
-===Principle steps=== 
- 
-Outline of the steps involved: 
- 
-  -   Purchase a suitable domain for your project from a domain registrar.  
-  -   Configure the domain at the registrar to use your DNS provider's name servers. 
-  -   Create an account at a dns provider unless you already have one.  
-  -   Create an api token with the dns provider that the certbot can use to make its api calls. :!: Make it as restricted as possible! 
-  - Create a file to store the api token or secret. Typically stored in an .ini file under /etc/letsencrypt/ 
-  - make sure the necessary cert-bot plugin is installed. Follow the dns providers instructions. 
-  - run the certbot  
-  - Configure nginx to handle the incoming requests the way you want.  
- 
-===Example of using Digital Ocean as dns provider=== 
-  -    At the domain name registrar, configure the domain to use Digital Oceans nameservers.   
-  -
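Review bot: in the first changed list item on the right, the link markup wraps the whole sentence "You must instead use a more complicated DNS-based method" and loses its final period; prefer link text that names the target (for example "see the DNS-01 challenge page") and keep the sentence punctuation. The rest of the hunk deletes the entire DNS-01 section, and this diff only shows the removal, so confirm that blocks:server:nginx:dns01_challenge exists and carries that content. In particular, keep the two security-relevant steps when the text is moved: the API token warning ":!: Make it as restricted as possible!" (limited to what certbot needs for that zone), and the .ini file under /etc/letsencrypt/ that stores the token, which should be readable by root only. The moved text should also get its typos fixed: "Encypt", "challange", "att secure", "on must", "cerbot", the doubled period after "dns providers", and "Digital Oceans nameservers" should read "Digital Ocean's nameservers".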