Editing Providing SSL Certificates to Web Sites

SSL Certification for Websites
---------------------------------

We have to follow this SSL certification for only “apoyar.eu” domain all sites

We have to install the certbot with following command only

•	certbot certonly –nginx

•	For all websites we are securing should have only TLS 1.2 and 1.3

•	We don’t have to use SSL and TLS 1.0 , 1.1 

To know, nginx version and certification details we have, go to below path

•	cd /etc/nginx

and, run below command

•	nginx –V

To know what websites are running on server, go to below path

•	cd /etc/nginx/sites-enabled/

and run below command

•	grep -rnw '/etc/nginx/sites-available/' -e 'server_name'

For every SSL certification configuration, we have to follow below two redirection

•	www --> non-www

•	http --> https

for ex.
www.apoyar.eu  http://www.apoyar.eu  https://www.apoyar.eu  https://apoyar.eu 


How to create DNS CAA record 

•	Go to go daddy

•	Manage DNS

•	Select domain and click on add

•	Enter the details as per below 

Name - @

Flags - 0

Tag – issue

Value – godaddy.com

If we have generated certificate from letsencrypt we can add CAA record for that with only changing value field with

Name - @

Flags – 0

Tag – issue

Value – letsencrypt.org

Note-

To check websites Security level and Certification details, Go to https://www.ssllabs.com/ssltest/ and enter website name (ex. apoyar.eu) and click submit, it will give you a summary of all security and certificates. 
 
To determine which Certification authority (first column) has which DNS CAA string (second column) go to below link 

https://www.entrust.com/knowledgebase/ssl/certification-authority-authorization-caa-record-ca-values