36 lines
872 B
Markdown
36 lines
872 B
Markdown
# SSL Certificates
|
|
|
|
This directory should contain SSL certificates for HTTPS.
|
|
|
|
## Development
|
|
|
|
For local development, you can generate self-signed certificates:
|
|
|
|
```bash
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
|
-keyout key.pem -out cert.pem \
|
|
-subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
|
|
```
|
|
|
|
## Production
|
|
|
|
For production, use certificates from a trusted Certificate Authority like:
|
|
- Let's Encrypt (recommended, free)
|
|
- Your domain provider
|
|
- Commercial CA
|
|
|
|
### Let's Encrypt with Certbot
|
|
|
|
```bash
|
|
sudo certbot certonly --standalone -d yourdomain.com
|
|
sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ./cert.pem
|
|
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ./key.pem
|
|
```
|
|
|
|
## Required Files
|
|
|
|
- `cert.pem` - SSL certificate
|
|
- `key.pem` - Private key
|
|
|
|
**Important:** Never commit real SSL certificates to version control!
|