I guess I'll put this into Makefile format.
partially stolen from my letsencrypt repo.
//git.thebackupbox.net/letsencrypt
you'll want to replace my domain with your own domain.
and if you use the acme-tiny part, you'll want to change the acme-dir to your own.
# -nodes leaves the private key unencrypted on disk, so keep keys/ readable only by you
keys/%.key.pem:
	openssl req -x509 -newkey rsa:4096 -keyout $@ -nodes
self-signed/%.crt: keys/%.key.pem
	openssl req -x509 -key $< -out $@ -sha256 -days 365
these first two things should be all that you need for gemini.
if you are interested in also getting your cert signed...
this line has a bit of extra stuff that goes with it...
the config file contains sections where I put subjectAltName like:
[_https]
subjectAltName=DNS:git.thebackupbox.net,DNS:www.thebackupbox.net
csr/%.csr: keys/%.key.pem
	openssl req -new -sha256 -key $< -subj "/CN=thebackupbox.net" -reqexts _$* -config openssl.cnf > $@
# write to a temp file first so a failed run never replaces a working cert
LE-signed/%.crt: csr/%.csr
	./acme-tiny/acme_tiny.py --account-key keys/.account.key.pem --csr $< --acme-dir /var/www/sites/hacking/.well-known/acme-challenge > $@.tmp && mv -f $@.tmp $@ || rm $@.tmp
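
An added example (not from the original post or its letsencrypt repo): a pre-flight check that a CSR built like the csr/%.csr rule really carries the subjectAltName entries from its config section, and that its self-signature verifies, before it goes to acme_tiny.py. The example.test names, the 2048-bit throwaway key and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Print the DNS names in a CSR's subjectAltName, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the CSR's self-signature verifies and every expected
# name (arguments after the file) appears in its SAN list.
check_csr() {
    csr=$1; shift
    # grep the message: older openssl exits 0 even when -verify fails
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    sans=$(csr_sans "$csr")
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF "$name" ||
            { echo "missing SAN: $name" >&2; return 1; }
    done
}

# Constructed fixture: key, config and CSR built the way csr/%.csr does it,
# with placeholder example.test names instead of a real domain.
make_demo_csr() {
    dir=$1
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[_https]
subjectAltName=DNS:git.example.test,DNS:www.example.test
EOF
    (umask 077; openssl genrsa -out "$dir/demo.key.pem" 2048 2>/dev/null)
    openssl req -new -sha256 -key "$dir/demo.key.pem" -subj "/CN=example.test" \
        -reqexts _https -config "$dir/openssl.cnf" > "$dir/https.csr"
}

# Build the fixture in a temp dir, check it, clean up.
demo() {
    tmp=$(mktemp -d) || return 1
    rc=0
    make_demo_csr "$tmp" &&
        check_csr "$tmp/https.csr" git.example.test www.example.test || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Run against a real request as `check_csr csr/https.csr git.thebackupbox.net www.thebackupbox.net`; a non-zero exit means the CSR should not be submitted.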