Get and install SSL certificate

[Joe-Heffer-Shef]

Get an SSL certificate from [email protected]

Ticket reference: SHEF 2502 1502

Regarding using a non-ITS domain with the the SSL certificate:

If they want a cert for the domain they have purchased they need to make some changes to the config in Certbot. For example the DNS server/port is pointing to UoS DNS server. They need to point it to whoever is the DNS server for their domain and they'll need to create the DNS TXT record in the DNS - usually this is controlled in the place where the domain name was purchased
Another option if port 80 is open for the site and available publicly on the Internet they can do http validation (which is the standard option). It will ask for the creation of a file placed in a directory on the web server.
It's something like http://domain.com/.well-known/
Here are instructions which will help with http validation https://certbot.eff.org/instructions?ws=other&os=snap

[twinkarma]

Found some instructions here on getting a cert without opening up port 80 but by adding a cname to the DNS record (https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04).

This worked for me and certbot should now be able to auto renew. I'll update the deployment docs soon with the instructions.

[Joe-Heffer-Shef]

They're generating a certificate now