SSL

安全性測試

• ssl labs

• cloudflare ssl-test

• testssl

LetsEncrypt

create a credentials in ~/.secrets/certbot/cloudflare.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <your mail>
dns_cloudflare_api_key = <your apiKey>

install plugins

certbot -i certbot-dns-cloudflare

or

pip3 install certbot-dns-cloudflare

chmod

chmod 700 ~/.secrets/certbot/cloudflare.ini

run command

certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d dns.weiting.me

renew

certbot renew --quiet

set crontab

docker Run

pem to pfx

openssl pkcs12 -in cert.pem -inkey privkey.pem -export -out server.pfx

testssl

docker run -it --rm --init drwetter/testssl.sh url