Apoyar Wiki

SSL Certification for Websites

Revision as of 03:23, 5 January 2021 by 152.57.20.93 (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

"SSL Certification for Websites"


We have to follow this SSL certification for only “apoyar.eu” domain all sites

We have to install the certbot with following command only

• certbot certonly –nginx

• For all websites we are securing should have only TLS 1.2 and 1.3

• We don’t have to use SSL and TLS 1.0 , 1.1

To know, nginx version and certification details we have, go to below path

• cd /etc/nginx

and, run below command

• nginx –V

To know what websites are running on server, go to below path

• cd /etc/nginx/sites-enabled/

and run below command

• grep -rnw '/etc/nginx/sites-available/' -e 'server_name'

For every SSL certification configuration, we have to follow below two redirection

• www --> non-www

• http --> https

for ex. www.apoyar.eu  http://www.apoyar.euhttps://www.apoyar.euhttps://apoyar.eu

How to create DNS CAA record

• Go to go daddy

• Manage DNS

• Select domain and click on add

• Enter the details as per below

Name - @

Flags - 0

Tag – issue

Value – godaddy.com

If we have generated certificate from letsencrypt we can add CAA record for that with only changing value field with

Name - @

Flags – 0

Tag – issue

Value – letsencrypt.org


Note –

To check websites Security level and Certification details, Go to https://www.ssllabs.com/ssltest/ and enter website name (ex. apoyar.eu) and click submit, it will give you a summary of all security and certificates.


To determine which Certification authority (first column) has which DNS CAA string (second column) go to below link https://www.entrust.com/knowledgebase/ssl/certification-authority-authorization-caa-record-ca-values

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=SSL_Certification_for_Websites&oldid=139