Providing SSL Certificates to Web Sites

SSL Certification for Websites

We have to follow this SSL certification for only “apoyar.eu” domain all sites

We have to install the certbot with following command only

• certbot certonly –nginx

• For all websites we are securing should have only TLS 1.2 and 1.3

• We don’t have to use SSL and TLS 1.0 , 1.1

To know, nginx version and certification details we have, go to below path

• cd /etc/nginx

and, run below command

• nginx –V

To know what websites are running on server, go to below path

• cd /etc/nginx/sites-enabled/

and run below command

• grep -rnw '/etc/nginx/sites-available/' -e 'server_name'

For every SSL certification configuration, we have to follow below two redirection

• www --> non-www

• http --> https

for ex. www.apoyar.eu  http://www.apoyar.eu  https://www.apoyar.eu  https://apoyar.eu

How to create DNS CAA record

• Go to go daddy

• Manage DNS

• Select domain and click on add

• Enter the details as per below

Name - @

Flags - 0

Tag – issue

Value – godaddy.com

If we have generated certificate from letsencrypt we can add CAA record for that with only changing value field with

Name - @

Flags – 0

Tag – issue

Value – letsencrypt.org

Note-

To check websites Security level and Certification details, Go to https://www.ssllabs.com/ssltest/ and enter website name (ex. apoyar.eu) and click submit, it will give you a summary of all security and certificates.

To determine which Certification authority (first column) has which DNS CAA string (second column) go to below link

https://www.entrust.com/knowledgebase/ssl/certification-authority-authorization-caa-record-ca-values