How do I obtain a certificate for a hidden service？

everydayisok · January 28, 2022, 2:29pm

How do I obtain a certificate for a hidden service？Just like getting HTTPS certificates. Do you have any sample code?

championquizzer · January 28, 2022, 2:38pm

Take a look at this article by @kushaldas : Get a TLS certificate for your onion service

(also see: Tor Project | HTTPS for your onion service)

martln · January 28, 2022, 7:38pm

I have ~~attached~~ a complete nginx config and torrc which uses unix sockets.

Unfortunately, the files are not accepted when uploading. Therefore here the link:

torrc: https://gebhardt.im/torrc.txt
nginx.conf: https://gebhardt.im/nginx.conf.txt

To make sure that nginx restarts correctly, you have to create the file override.conf in the folder /etc/systemd/system/nginx.service.d/ and add the following content:

[Service]
ExecStop=
ExecStop=-/sbin/start-stop-daemon \
         --quiet \
         --stop \
         --retry TERM/5 \
         --pidfile /run/nginx.pid

martln · January 28, 2022, 11:50pm

One more important piece of info. In my nginx config is a section request_method which ensures that only GET and HEAD is allowed. If you need more, like PUT or POST etc you have to add that.