ESXi 6.x SSL

Setup certbot for DNS challenges:


dns_cloudflare_email = ""
dns_cloudflare_api_key = "4003c330b45f4fbcab420eaf66b49c5cbcab4"

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot python-certbot-nginx python3-certbot-dns-cloudflare

sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/cloudflare.ini \
-d,* --preferred-challenges dns-01 --dry-run

# copy certs to ESXi host
# Importing Variables
status "Importing Variables"

# Read ESXiHost
input "Enter the FQDN for the certificate/host in host.domain.tld format" "ESXiHost"

# Read ESXiUser
input "Enter ESXi target admin username" "ESXiUser"

# Prompt user to confirm/enable SSH on ESXi target
pressanykey "Confirm/Enable SSH access on $ESXiHost."

# Check for existing ssh keys for esxi host
status "Checking for existing ssh keys for $ESXiHost"

# Backup existing SSL components on ESXi target
status "Backing up existing certificates on $ESXiHost"
time=$(date +%Y.%m.%d_%H:%M:%S)
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/castore.pem /etc/vmware/ssl/castore.pem.back.$time"
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.back.$time"
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.back.$time"

# Copy letsencrypt cert to ESXi target
status "Coping letsencrypt cert to $ESXiHost"
sudo scp /etc/letsencrypt/live/$ESXiHost/fullchain.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/castore.pem
sudo scp /etc/letsencrypt/live/$ESXiHost/cert.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.crt
sudo scp /etc/letsencrypt/live/$ESXiHost/privkey.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.key

esxi_ssl.txt · Last modified: 2020/07/24 17:16 (external edit)
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0