Now it comes as a blessing for the devops community who want to use SmokyHosts VPS for devops automations!
Note: These certificates are valid only for 6 days. So make sure you have your cronjob setup to auto-renew the certificates every 5 days atleast.
Here are the steps to setup SSL certificates for IP addresses
Code: Select all
# To install or update acme.sh
curl https://get.acme.sh | sh
source ~/.bashrcCode: Select all
# Obtain the IP Certificate using acme
acme.sh --issue -d 1.2.3.4 --webroot /var/www/html --server letsencrypt --always-force-new-profile --certificate-profile shortlivedCode: Select all
# Obtain the IP Certificate using certbot (you need to obtain IP Certificate either via acme.sh or via certbot. Either one is sufficient. Both are not requried.
certbot certonly -d 1.2.3.4 --certificate-profile shortlivedCode: Select all
# Deployment (Nginx Example)
server {
listen 443 ssl;
server_name 1.2.3.4; # Your Public IP
ssl_certificate /path/to/fullchain.cer;
ssl_certificate_key /path/to/your.key;
# Highly recommended for short-lived certs
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
}Code: Select all
# Deployment (Apache Example)
<VirtualHost *:443>
# Use your Public IP as the ServerName
ServerName 1.2.3.4
**** /var/www/html
SSLEngine on
# Paths to your Let's Encrypt IP certificates
SSLCertificateFile /etc/letsencrypt/live/1.2.3.4/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/1.2.3.4/privkey.pem
# Security Best Practices
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>