mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git, synced 2025-10-25 07:27:23 +00:00
	This commit restructures systemctl service definitions and category mappings. Motivation: Alarm-related bugs revealed inconsistencies in service and role handling. Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.
		
			
				
	
	
		
37 lines, 1.3 KiB, Markdown
			
		
		
	
	
## **🔐 Wildcard Certificate Setup with Let's Encrypt**
If you enabled `enable_wildcard_certificate`, follow these steps to manually request a **wildcard certificate**.

### **1️⃣ Run the Certbot Command 🖥️**
```sh
certbot certonly --manual --preferred-challenges=dns --agree-tos \
--email administrator@PRIMARY_DOMAIN -d PRIMARY_DOMAIN -d "*.PRIMARY_DOMAIN"
```

### **2️⃣ Add DNS TXT Record for Validation 📜**
Certbot will prompt you to add a DNS TXT record:
```
Please create a TXT record under the name:
_acme-challenge.PRIMARY_DOMAIN.

with the following value:
9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA
```
➡ **Go to your DNS provider** and create a new **TXT record**:
   - **Host:** `_acme-challenge.PRIMARY_DOMAIN`
   - **Value:** `"9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA"`
   - **TTL:** Set to **300 seconds (or lowest possible)**

✅ **Verify the DNS record** before continuing:
```sh
dig TXT _acme-challenge.PRIMARY_DOMAIN @8.8.8.8
```

### **3️⃣ Complete the Certificate Request ✅**
Once the DNS changes have propagated, **press Enter** in the Certbot terminal.  
If successful, Certbot will save the certificates under:
```
/etc/letsencrypt/live/PRIMARY_DOMAIN/
```
- **fullchain.pem** → The certificate
- **privkey.pem** → The private key
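
A readiness check to run before pressing Enter in step 3, as an added example that is not part of the playbook. Because step 1 requests both `PRIMARY_DOMAIN` and `*.PRIMARY_DOMAIN`, Certbot asks for two TXT values under the same `_acme-challenge` name, and Let's Encrypt validates against the zone's authoritative nameservers rather than a public resolver such as `8.8.8.8`; the script checks that every expected value is present on every nameserver. The function names and sample values are constructed for illustration, and the domain is assumed to be the zone apex.

```shell
#!/bin/sh
# Added example (not from the playbook): readiness check for the manual DNS-01 step.

# dig +short prints each TXT record as one or more quoted chunks ("abc" "def").
# Join the chunks and drop the quotes: one bare value per line.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# missing_values ANSWER EXPECTED...
# Prints every expected value that is not an exact record in ANSWER.
missing_values() {
    answer=$1; shift
    for want in "$@"; do
        printf '%s\n' "$answer" | normalize_txt | grep -qxF -- "$want" \
            || printf '%s\n' "$want"
    done
}

# check_all_nameservers DOMAIN EXPECTED...
# Asks every authoritative nameserver directly, bypassing resolver caches.
# Assumes DOMAIN is the zone apex, so that its NS lookup returns the servers.
check_all_nameservers() {
    domain=$1; shift
    seen=0; rc=0
    for ns in $(dig +short NS "$domain"); do
        seen=1
        answer=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        missing=$(missing_values "$answer" "$@")
        if [ -n "$missing" ]; then
            echo "NOT READY  $ns is missing: $missing"; rc=1
        else
            echo "ready      $ns"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no nameservers found for $domain" >&2; rc=1; }
    return "$rc"
}

if [ "$#" -ge 2 ]; then
    # Usage: sh check.sh example.org VALUE_1 VALUE_2
    check_all_nameservers "$@"
else
    # Constructed sample answer (not real challenge values): only one of the
    # two expected records is published, so the second is reported as missing.
    missing_values '"constructed-value-1"' constructed-value-1 constructed-value-2
fi
```

A non-zero exit status means at least one nameserver does not yet serve every expected value, so the Certbot prompt should be left waiting.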