The link says - video is unavailable - This video is private. Could you make this video public - Thanks

@@Fayaz-Rehman It will be availabe on Monday, here is a first part - kzbin.info/www/bejne/iGbHXpuEbrqnprc

@@AntonPutra Thanks

You're welcome Hưng!

Thanks! :)

Thanks Sean!

Welcome

Thank you!

Thanks!

You're very welcome!

Thanks!

Coming soon!

Glad you liked it!

Thank you for pointing this out.

Glad to hear that!

You're welcome Jørgen :)

Thank you:)

@@AntonPutra Do you have discord channel?

​@@wduandy I don't have it. Do you think I should sign up?

@@AntonPutra Of course!! Your channel has a HUGE potential! You should invest on the audience 🤗

@@wduandy will do))

Thank you Rafael!

@@AntonPutra I'm trying now to renew automatically via cron job, but without success Running: certbot renew --break-my-certs --force-renewal --preferred-challenges dns Break my certs and force renewal only to test, I will remove those flags, but the command keeps returning me this: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping I will search about this error now. I appreciate If you know how to solve :)

@@RafaelAmbrosio I can try to help, but only later tonight. Meanwhile, if you find the solution pls let me know.

@@AntonPutra I think I did it I'm using cloudflare, so was needed to install dns-cloudflare plugin. This tutorial can help (it is in portuguese, but I'm brazilian, so It's ok for me :D ) -> mindnotes.sh/integrando-certbot-com-dns-da-cloudflare/ In my case was different because I'm using certbot on docker, So I pulled this image -> hub.docker.com/r/certbot/dns-cloudflare to replace the standard image I was usgin And then followed this tutorial to pass the right flags to command and create the cloudflare api key and cloudflare.ini -> certbot-dns-cloudflare.readthedocs.io/en/stable/ chmod 600 to ini file... So after creating the certificate following your tutorial, I was able to run renew command: certbot renew --preferred-challenges dns --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini And you can remove the _acme_challenge TXT that you created before, because the renew command uses your api key to enter on cloudflare dns zone, create temporary TXT entry and delete it automatically

You're welcome😊

thanks :)

Thank you, keep getting this a lot :)

Thank you Andrés!

You would need to use cert-manager and configure the issuer to talk to letsencrypt server. I have a video but not wildcard just yet - kzbin.info/www/bejne/lZuomK2nrrqKgac

If you are using wildcard certificate, it should cover all your subdomains.

Thank you! Cheers!

There are two main methods to get a TLS certificate from letsencrypt. HTTP-01 challenge - cert-bot will create a URL endpoint on your web server with a special token provided by lets-encrypt. DNS-01 challenge, there you need to prove that you own your domain by setting a TXT record. It is a little bit harder to automate than HTTP-01. If your ISP blocks port 80, I would suggest you go with the DNS-01 challenge. You can take a look at this one - kzbin.info/www/bejne/bZuoq5yle9ishNE

The general rule is 24 to 48 hours, but based on my experience, it never takes longer than few minutes. You can close the terminal, or I would suggest that you applied your changes to DNS.

you can manually remove it from ngnix spec

Can you verify in the browser that your certificate is valid and up to date?

Not sure if i follow, 8.8.8.8 is a Google dns server and 192.168.1.1 is a router ip

Do you have "listen 443" directive in server block? You also need to restart or reload nginx "systemctl restart nginx". Try to check if the port open from. the host as well with "nc -vz localhost 443"

@@AntonPutra thanks for your prompt response, Anton. Actually I was forgetting to syslink configuration from available-sites to enabled-sites. Nice content, btw. Thanks for your tutorials.

@@dinaiswatching Thanks :)

Thank you for the question, tutorials for vault is in my pipeline

Sure here is the official tutorial - certbot.eff.org/lets-encrypt/ubuntufocal-haproxy. The video is processing by KZbin it will be available on Monday.

@@AntonPutra Thank you again - much appreciated.

There is a certbot apache plugin, but I have not tried it myself certbot.eff.org/all-instructions

@@AntonPutra thankss broo I'm tired using shared hosting, 100% ram using, server crashing multiple times and don't have money for vps and wildcard ssl, so i decided self Hosting. Hope it's good idea.

@@salexkorsan8790 It's a pretty hot topic, I will definitely explore and create tutorial for apache wildcard cert, but it's going to be in couple weeks only..

@@AntonPutra broo tell me one thing , I'm installed this certificate in cpanel, subdomain ssl not works with www , it's working only without www on subdomain what do i do ?? Any solution ?

​@@salexkorsan8790 well, probably you don't need a wildcard cert at all. When you request your certificate you need to make sure that you specify both domains including www subdomain. You should use "Subject Alternative Name" field.

Let me try to create a renewal script, and perhaps update it here or create a new video.

@@AntonPutra Hi Anton, Any news on the update script. My certs are expired and I cannot update them via the renew procedure. Thx, PPee

@@ppeeppee5800 there is a slightly different approach but may work for you - kzbin.info/www/bejne/bmK3fIR_oZalebc

You can follow this - certbot.eff.org/lets-encrypt/ubuntufocal-apache

Can you share the error?

yes, please check 2021/07/18 12:38:32 [crit] 799125#799125: *135 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 35.203.245.145, server: 0.0.0.0:443 This error is happening when I ma opening website through Android

A searched but could not find any solution to this really-simple-ssl.com/knowledge-base/ssl-working-desktop-not-mobile-android-devices/

@@MrRahul15937 I found only this one, client outdated, maybe your client does not support new ciphers on the server... stackoverflow.com/questions/65854933/nginx-ssl-error141cf06cssl-routinestls-parse-ctos-key-sharebad-key-share

Did you test any of your website on android phones? My device is less than a year old .

What is IIS?

@@AntonPutra its windows based web server

Welcome!

my pleasure!