Difference between revisions of "SSL - ESXi"

From The TinkerNet Wiki
Line 26: Line 26:
 
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code>
 
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code>
 
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code>
 
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code>
*<code>ssh root@NAME.DOMAIN.TLD reboot</code>
+
*<code>ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart</code>
  
 
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server...
 
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server...
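
Review bot: the new `rhttpproxy restart` line drops the reboot but adds no step that confirms the host is actually serving the new certificate afterwards, and the two scp lines above it overwrite rui.crt and rui.key in place with no backup. Suggest adding a step before the scp lines that copies the existing rui.crt and rui.key aside, and a step after the restart that checks the certificate the host presents over HTTPS, so a mismatched or truncated copy is caught and can be rolled back.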

Revision as of 23:21, 16 September 2020

Installing manual certs on an ESXi server

PIKEDOM.COM has some very good instructions.

Something to know if you got your certs from certbot:

  • The file you're replacing rui.crt with is either cert.pem or fullchain.pem (depending on whether you've set up with one or more than one domain in your certs).
  • The file you're replacing rui.key with is privkey.pem.
  • Both of the files from certbot may have a number attached to the end of the filename itself.

So...

SSH into the server...

  • cd /etc/vmware/ssl
  • mv rui.crt orig.rui.crt
  • mv rui.key orig.rui.key
  • vi rui.crt
    • Paste in the content of fullchain.pem
  • vi rui.key
    • Paste in the content of privkey.pem
  • reboot

Using SCP to install the certs

You should be able to install certs directly on your ESXi server thanks to VMware's bad habit of allowing SSH as root...

  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt
  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key
  • ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart

Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...
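
A checked version of the SCP install above, as an added example that is not part of the original wiki page: it resolves certbot's possibly numbered filenames, refuses to copy a key that does not belong to the certificate, keeps the old pair as orig.rui.*, and confirms what the host serves after the restart. The function names, the 5-second wait and the use of `openssl` on the certbot machine are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki). Run as root: privkey.pem is readable by root only.
# Assumes openssl on the certbot machine and root SSH access to the ESXi host.

# latest_pem DIR BASE: print DIR/BASE.pem, or else the highest-numbered DIR/BASE<N>.pem.
latest_pem() {
    dir=$1; base=$2; best=-1; path=
    if [ -e "$dir/$base.pem" ]; then printf '%s\n' "$dir/$base.pem"; return 0; fi
    for f in "$dir/$base"[0-9]*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/}; n=${n#"$base"}; n=${n%.pem}
        case $n in *[!0-9]*) continue ;; esac
        if [ "$n" -gt "$best" ]; then best=$n; path=$f; fi
    done
    [ -n "$path" ] && printf '%s\n' "$path"
}

# key_matches_cert CRT KEY: succeed only if KEY is the private key of the first cert in CRT.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# deploy_esxi_cert HOST [DIR]: back up, copy, restart rhttpproxy, confirm the served cert.
deploy_esxi_cert() {
    host=$1; src=${2:-/etc/letsencrypt/live/$1}; ssl=/etc/vmware/ssl
    crt=$(latest_pem "$src" fullchain) || { echo "no fullchain*.pem in $src" >&2; return 1; }
    key=$(latest_pem "$src" privkey) || { echo "no privkey*.pem in $src" >&2; return 1; }
    key_matches_cert "$crt" "$key" || { echo "key does not match cert" >&2; return 1; }
    ssh "root@$host" "cp -p $ssl/rui.crt $ssl/orig.rui.crt && cp -p $ssl/rui.key $ssl/orig.rui.key" || return 1
    scp "$crt" "root@$host:$ssl/rui.crt" || return 1
    scp "$key" "root@$host:$ssl/rui.key" || return 1
    ssh "root@$host" /etc/init.d/rhttpproxy restart || return 1
    sleep 5   # assumed wait for the proxy to come back up
    want=$(openssl x509 -in "$crt" -noout -fingerprint -sha256)
    got=$(openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256)
    [ "$want" = "$got" ] || { echo "host still serves a different cert" >&2; return 1; }
    echo "installed and serving: $want"
}

if [ "$#" -ge 1 ]; then deploy_esxi_cert "$@"; fi
```

Run it as `sudo sh deploy.sh NAME.DOMAIN.TLD`; if the final check fails, the previous pair is still on the host as orig.rui.crt and orig.rui.key.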