Difference between revisions of "Let's Encrypt ESXi VPS"

From Comprofix
Line 69: Line 69:
 
* Generate SSH Keys between server and esxi host
 
* Generate SSH Keys between server and esxi host
 
* Upload SSH Keys to ESXi
 
* Upload SSH Keys to ESXi
* Test SSH Key Login to ESXi
+
* Test SSH Login to ESXi, it should not ask you for a password.
  
== Install acme.sh ==
+
== Install Web Server ==
 +
 
 +
* Create a DNS A record to point to your VPS. ''eg: vps.mydomain.com''
 +
* Install nginx
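Review bot: Replacing the "== Install acme.sh ==" heading with "== Install Web Server ==" drops the mention of the ACME client from these lines, so the steps shown here now end at "Install nginx" with nothing that requests or renews a certificate. Consider keeping "Install acme.sh" as its own section after the web server steps instead of overwriting it. The reworded SSH test step is an improvement, since "it should not ask you for a password" gives the reader a pass criterion.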

Revision as of 02:19, 22 May 2018

Manually Update Certificates

Generating the Certificate

  • Open a Command Prompt
  • Change to your OpenSSL folder: cd \OpenSSL\bin
  • Copy and paste your generated command from above

  • Open Your Key File in Notepad
  • Visit https://zerossl.com/free-ssl/#crt
  • Copy and paste the contents of your Key file you have open in Notepad into the CSR section
  • Accept the ZeroSSL TOS and the Let’s Encrypt SA, then click Next

  • This will generate an RSA key for Let’s Encrypt
  • Download a copy of your generated RSA key. We don’t need it at this time, but it has to be downloaded to continue.
  • Select DNS verification and Click Next
  • Update your DNS TXT records with the information provided.
  • Once DNS has been updated Click Next
  • The certificate will be generated. Download the certificate – domain-crt.txt

Upload your Certificate to ESXi

  • You should now have the two files required for ESXi: the key file esxi_comprofix_com.key (the name depends on what you used in the CSR command) and domain-crt.txt, which is the certificate.
  • Rename your key file to rui.key
  • Rename domain-crt.txt to rui.crt
  • Connect to your ESXi Machine and shut down any running VMs
  • Put the ESXi Machine into “Maintenance Mode”
  • Enable SSH on your ESXi VPS
  • Download and Install WinSCP – https://winscp.net/eng/download.php
  • Open WinSCP and connect to your ESXi Machine
  • Navigate to the Folder /etc/vmware/ssl
  • Rename the file /etc/vmware/ssl/rui.key to /etc/vmware/ssl/rui.key.bak
  • Rename the file /etc/vmware/ssl/rui.crt to /etc/vmware/ssl/rui.key.crt
  • Upload your rui.key and rui.crt file to /etc/vmware/ssl
  • Download the Putty SSH Client – http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  • Connect to your ESXi machine using Putty
  • Run the command – services.sh restart

  • This will restart the ESXi Services
  • Take your ESXi Machine out of “Maintenance Mode”
  • Open a Web Browser and visit your ESXi VPS Domain Name that you created.

Congratulations, you should now have a secured SSL certificate on your ESXi VPS.
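A pre-upload check for the renamed pair, added here as an example and not part of the original page: run in a POSIX shell with the openssl CLI (assumed installed, for instance on the Debian server from the notes below), it confirms that rui.key and rui.crt carry the same public key and that the certificate is not about to expire before the existing files in /etc/vmware/ssl are replaced. The function names, exit codes, script name and the throwaway esxi.example.test pair are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check a key/certificate pair before it replaces the files in
# /etc/vmware/ssl. Assumes the openssl CLI is installed.

# SHA-256 of the public key derived from a private key file.
key_pub_hash() {
    openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a certificate (the first certificate
# in the file, if the download also contains a chain).
crt_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256 | awk '{print $NF}'
}

# check_pair KEY CRT [MIN_SECONDS_LEFT]
# Exit codes (chosen for this example): 0 pair is usable, 1 key unreadable,
# 2 certificate unreadable, 3 key and certificate do not match,
# 4 certificate expires within MIN_SECONDS_LEFT (default: one day).
check_pair() {
    key=$1 crt=$2 min_left=${3:-86400}
    openssl pkey -in "$key" -noout 2>/dev/null || return 1
    openssl x509 -in "$crt" -noout 2>/dev/null || return 2
    [ "$(key_pub_hash "$key")" = "$(crt_pub_hash "$crt")" ] || return 3
    openssl x509 -in "$crt" -noout -checkend "$min_left" >/dev/null 2>&1 || return 4
    return 0
}

# Constructed sample data: a throwaway self-signed pair (30 days validity)
# written to directory $1, only for trying the checks.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=esxi.example.test" \
        -keyout "$1/rui.key" -out "$1/rui.crt" >/dev/null 2>&1
}

# Usage (hypothetical script name): sh check_pair.sh rui.key rui.crt
if [ "$#" -ge 2 ]; then
    check_pair "$1" "$2" && echo "pair OK" || echo "pair rejected, code $?"
fi
```

Exit code 3 is the case worth catching before services.sh restart: the key on disk does not belong to the certificate that was downloaded.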

Automatically update Certificates

This is a work in progress. Currently these are just notes. Use at your own risk.

Enable SSH and Update Firewall Rules

  • On your ESXi VPS, edit the Security Rules to allow SSH access from one of your failover IPs ONLY.
  • Enable the SSH Shell from Services, and set it to start and stop with the machine.

Install Debian Server

  • Install Debian Server
  • Set the IP to the above Failover IP used in the Firewall Rule.
  • Install Extra Packages - git curl zsh vim
  • Test SSH from server to ESXi Server
  • Generate SSH Keys between server and ESXi host
  • Upload SSH Keys to ESXi
  • Test SSH Login to ESXi, it should not ask you for a password.

Install Web Server

  • Create a DNS A record to point to your VPS, e.g. vps.mydomain.com
  • Install nginx