Difference between revisions of "Let's Encrypt ESXi VPS"

From Comprofix

Revision as of 16:51, 21 May 2018

Manually Update Certificates

Generating the Certificate

Generate-openssl.png

  • Open a Command Prompt
  • Change to your OpenSSL Folder
    cd \OpenSSL\bin
  • Copy and paste your generated command from above

Generate-csr.png

  • Open Your Key File in Notepad
  • Visit https://zerossl.com/free-ssl/#crt
  • Copy and paste the contents of your Key file you have open in Notepad into the CSR section
  • Accept ZeroSSL TOS and Accept Let’s Encrypt SA and click Next

Zerossl-csr-rsa.png

  • This will generate an RSA key for Let's Encrypt
  • Download a copy of your Generated RSA Key. We don’t need this at this time, but we need to download it to continue.
  • Select DNS verification and Click Next
  • Update your DNS TXT records with the information provided.
  • Once DNS has been updated Click Next
  • The certificate will be generated. Download the certificate – domain-crt.txt

Upload your Certificate to ESXi

  • You should now have the two files required for ESXi: the esxi_comprofix_com.key file (the name depends on what you used in the CSR command) and domain-crt.txt, which is the certificate.
  • Rename your key file to rui.key
  • Rename domain-crt.txt to rui.crt
  • Connect to your ESXi Machine and shut down any running VMs
  • Put the ESXi Machine into “Maintenance Mode”
  • Enable SSH on your ESXi VPS
  • Download and Install WinSCP – https://winscp.net/eng/download.php
  • Open WinSCP and connect to your ESXi Machine
  • Navigate to the Folder /etc/vmware/ssl
  • Rename the file /etc/vmware/ssl/rui.key to /etc/vmware/ssl/rui.key.bak
  • Rename the file /etc/vmware/ssl/rui.crt to /etc/vmware/ssl/rui.key.crt
  • Upload your rui.key and rui.crt file to /etc/vmware/ssl
  • Download the Putty SSH Client – http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  • Connect to your ESXi machine using Putty
  • Run the command – services.sh restart

Putty-esxi.png

  • This will restart the ESXi Services
  • Take your ESXi Machine out of “Maintenance Mode”
  • Open a Web Browser and visit your ESXi VPS Domain Name that you created.

Esxi-certificate-info.png

Congratulations, you should now have a Secured SSL Certificate on your ESXi VPS.
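
The following is an added example, not part of the original notes: checks to run before pasting a file into the ZeroSSL form and before replacing rui.key and rui.crt in /etc/vmware/ssl. It assumes the openssl CLI and a POSIX shell (for instance the Debian server described below); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are
# hypothetical; assumes the openssl CLI is installed.

# Succeeds only if FILE parses as a PKCS#10 certificate signing request.
is_csr() {
    openssl req -in "$1" -noout >/dev/null 2>&1
}

# Succeeds if FILE contains any PEM private-key block.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# A file may go into a web form only if it is a CSR and carries no key.
safe_to_paste() {
    is_csr "$1" && ! has_private_key "$1"
}

# Succeeds if the public key derived from KEY equals the one in CRT.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Full check before the pair replaces /etc/vmware/ssl/rui.key and rui.crt.
# Returns 0 if usable, 1 on key/certificate mismatch, 2 if already expired.
check_esxi_pair() {
    if ! pair_matches "$1" "$2"; then
        echo "refusing: $1 does not match $2" >&2
        return 1
    fi
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1; then
        echo "refusing: $2 has expired" >&2
        return 2
    fi
    return 0
}
```

Source the file and call `check_esxi_pair rui.key rui.crt` before the upload step; a non-zero return means the pair should not be installed and services.sh should not be restarted.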

Automatically update Certificates

This is a work in progress. Currently this is just notes. Use at your own risk

Enable SSH and Update Firewall Rules

  • From your ESXi VPS, edit the Security Rules to allow SSH access from one of your failover IPs ONLY.
  • Enable the SSH Shell from Services, and set it to start and stop with the machine.

Install Debian Server

  • Install Debian Server
  • Set the IP to the above Failover IP used in the Firewall Rule.
  • Install Extra Packages - git curl zsh vim
  • Test SSH from server to ESXi Server
  • Generate SSH Keys between server and ESXi host
  • Upload SSH Keys to ESXi
  • Test SSH Key Login to ESXi

Install acme.sh