Getting Let's Encrypt certificates in the Hard Way. (ACME deep dive) скачать в хорошем качестве

Getting Let's Encrypt certificates in the Hard Way. (ACME deep dive)

Ever wondered what actually happens when you run certbot or acme.sh? In this video, we pull back the curtain on the ACME (Automated Certificate Management Environment) protocol. While high-level tools make getting an SSL/TLS certificate easy, understanding the "hard way"—performing the steps manually—is the best way to truly grasp how identity and trust are established on the web. We’ll be using Let’s Encrypt (the pioneer of free, automated certificates) and its staging environment to demonstrate the process. 🔑 What We Cover: Identity & Keys: Why ACME is similar to Bitcoin or Ethereum (your identity is your key). JWS (JSON Web Signature): How to sign requests so the CA knows it’s really you. The Directory & Nonces: Navigating the API endpoints and handling security tokens. Account Creation: Registering your public key with Let's Encrypt. The Challenge (DNS-01): Proving domain ownership by modifying DNS records (the _acme-challenge TXT record). The Thumbprint: How to calculate the SHA-256 digest of your public key to satisfy the challenge. CSR & Finalization: Generating a Certificate Signing Request (CSR) and finally downloading your signed PEM certificates. 🛠️ Tools Used: OpenSSL: For key generation and signing. Curl: To interact with the Let's Encrypt API. CoreDNS: To demonstrate the DNS propagation for the domain challenge. Bash/Scripts: For Base64URL encoding and JSON formatting.