POST-Autorenewing wildcard LetsEncrypt certificates on Namecheap using certbot + acme-dns

2019-02-09 20:06:31 -05:00
1 changed files with 3 additions and 3 deletions
--- a/blog.bryanroessler.com/_posts/2019-02-09-automatic-certbot-namecheap-acme-dns.md
+++ b/blog.bryanroessler.com/_posts/2019-02-09-automatic-certbot-namecheap-acme-dns.md
@@ -94,7 +94,7 @@ Restart=on-failure
 WantedBy=multi-user.target
 ```

-Note (Ubuntu 18.04+): you can security-harden the above script on distros running newer kernels by executing as a non-privileged user in conjunction with the `AmbientCapabilities=CAP_NET_BIND_SERVICE` line. However, older kernels will cause systemd to choke on that line during service startup. If you choose to execute as a non-root user make sure to chown the `/etc/acme-dns/` and `/var/lib/acme-dns` directories!
+Note (Ubuntu 17.04+): you can security-harden the above script on distros running newer kernels by executing as a non-privileged user in conjunction with the `AmbientCapabilities=CAP_NET_BIND_SERVICE` line. However, older kernels will cause systemd to choke on that line during service startup. If you choose to execute as a non-root user make sure to chown the `/etc/acme-dns/` and `/var/lib/acme-dns` directories!

 4. Enable the service to run on startup and run it now: `sudo systemctl daemon-reload && sudo systemctl enable --now acme-dns.service`

@@ -104,8 +104,8 @@ Great, now you've got a DNS authentication server that can respond to ACME chall

 You will need to add two DNS records:

-1. an NS record for acme.<yoursite\>.com pointing to ns1.auth.\<yoursite\>.com
-2. a record for ns1.auth.<yoursite\>.com pointing to the public IP address of your host
+1. an NS record for acme.<yoursite\>.com pointing to ns1.acme.\<yoursite\>.com
+2. a record for ns1.acme.<yoursite\>.com pointing to the public IP address of your host

 Example: ![Example Namecheap DNS records](../assets/images/2019/02/example-namecheap-dns-records.png)