LetsEncrypt: Difference between revisions

From DrewWiki
(Created page with "https://letsencrypt.org/howitworks/ <pre> $ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt $ ./letsencrypt-auto --help $ ./letsencrypt-auto --apache IMP...")
 
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
https://letsencrypt.org/howitworks/
Instructions for Debian 9
<pre>
== certbot ==
$ git clone https://github.com/letsencrypt/letsencrypt
* https://certbot.eff.org/#debiantesting-apache
$ cd letsencrypt
* https://certbot.eff.org/docs/using.html
$ ./letsencrypt-auto --help
 
$ ./letsencrypt-auto --apache
=== Install certbot ===
IMPORTANT NOTES:
<syntaxhighlight lang=bash>
sudo apt-get install python-certbot-apache certbot
</syntaxhighlight>
 
=== Obtain SNI Cert ===
Manually run due to existing configuration already redirecting port http -> https. Will require a small of downtime `systemctl stop apache2`.
<syntaxhighlight lang=bash>
certbot certonly --manual \
--cert-name invadelabs.com \
-d invadelabs.com \
-d www.invadelabs.com \
-d drew.invadelabs.com \
-d wiki.invadelabs.com \
-d blog.invadelabs.com \
--agree-tos
</syntaxhighlight>
 
=== Check newly Issue Cert ===
<syntaxhighlight lang=bash>
root@invadelabs:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: invadelabs.com
    Domains: invadelabs.com drew.invadelabs.com
    Expiry Date: 2018-05-19 08:58:27+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/invadelabs.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/invadelabs.com/privkey.pem
-------------------------------------------------------------------------------
</syntaxhighlight>
 
=== Test Renewal ===
Dry-run:
<syntaxhighlight lang=bash>
$ sudo certbot renew --dry-run
</syntaxhighlight>
 
=== Renew Cert Manually ===
Will need to manually reload apache.
<syntaxhighlight lang=bash>
$ sudo certbot renew
</syntaxhighlight>
 
=== Aapache Auto Renew On Cron ===
Add to root's cron and check twice daily:
<syntaxhighlight lang=bash>
0 3,15 * * * certbot renew --apache --quiet
</syntaxhighlight>
 
=== Expand Additional Domains SNI Cert ===
<syntaxhighlight lang=bash>
certbot --expand -d invadelabs.com -d drew.invadelabs.com -d new.invadelabs.com
</syntaxhighlight>
 
== Old method ==
<syntaxhighlight lang=bash>
./letsencrypt-auto run --apache -d drew-bg.invadelabs.com
 
  - Congratulations! Your certificate and chain have been saved at
  - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/drew.invadelabs.com/fullchain.pem. Your cert
   /etc/letsencrypt/live/drew-bg.invadelabs.com/fullchain.pem. Your
   will expire on 2016-05-15. To obtain a new version of the
   cert will expire on 2016-07-09. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
   certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:


  Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
SSLCertificateFile /etc/letsencrypt/live/invadelabs.com/fullchain.pem
  Donating to EFF:                    https://eff.org/donate-le
SSLCertificateKeyFile /etc/letsencrypt/live/invadelabs.com/privkey.pem
</pre>
Include /etc/letsencrypt/options-ssl-apache.conf
</syntaxhighlight>
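Review bot: in the new "Test Renewal" and cron sections, the dry run is `certbot renew --dry-run` but the scheduled job is `certbot renew --apache --quiet`, so the test does not exercise the plugin the cron entry relies on. The certificate itself is issued with `certonly --manual`, and a lineage issued that way cannot be renewed unattended by the manual plugin on its own. Suggest running the dry run with the same flags as the cron line and saying on the page that renewal goes through the Apache plugin. The pasted `certbot certificates` output also lists two domains while the `certonly` command requests five, so the output should be refreshed or marked as older.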

Latest revision as of 17:46, 27 February 2018

Instructions for Debian 9

certbot

Install certbot

sudo apt-get install python-certbot-apache certbot

Obtain SNI Cert

Run manually, because the existing configuration already redirects http -> https. This will require a small amount of downtime (`systemctl stop apache2`).

certbot certonly --manual \
--cert-name invadelabs.com \
-d invadelabs.com \
-d www.invadelabs.com \
-d drew.invadelabs.com \
-d wiki.invadelabs.com \
-d blog.invadelabs.com \
-m [email protected] \
--agree-tos

Check Newly Issued Cert

root@invadelabs:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: invadelabs.com
    Domains: invadelabs.com drew.invadelabs.com
    Expiry Date: 2018-05-19 08:58:27+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/invadelabs.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/invadelabs.com/privkey.pem
-------------------------------------------------------------------------------
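Added example, not part of the original page: a small shell check that compares the names requested with `-d` against what `certbot certificates` reports for a certificate name, and reads the days of validity left. The function names are made up for this example, and the sample input is the output shown above, trimmed.

```shell
#!/bin/sh
# Added example: compare requested -d names with `certbot certificates` output.

# Sample taken from the `certbot certificates` output shown above.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: invadelabs.com
    Domains: invadelabs.com drew.invadelabs.com
    Expiry Date: 2018-05-19 08:58:27+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/invadelabs.com/fullchain.pem
EOF
}

# cert_domains NAME: read certbot output on stdin, print one name per line.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { in_cert = ($3 == name) }
    in_cert && $1 == "Domains:" { for (i = 2; i <= NF; i++) print $i }'
}

# cert_days_left NAME: print N from "(VALID: N days)" for that certificate.
# Prints nothing when the line carries no such figure.
cert_days_left() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { in_cert = ($3 == name) }
    in_cert && $1 == "Expiry" && match($0, /VALID: [0-9]+ days/) {
      split(substr($0, RSTART, RLENGTH), part, " "); print part[2] }'
}

# missing_domains NAME WANTED...: print each wanted name not on the cert.
missing_domains() (
  name="$1"; shift
  have="$(cert_domains "$name")"
  for d in "$@"; do
    printf '%s\n' "$have" | grep -qxF -- "$d" || printf '%s\n' "$d"
  done
)

# Demo on the sample; on a host, pipe `certbot certificates` in instead.
sample_output | missing_domains invadelabs.com \
  invadelabs.com www.invadelabs.com drew.invadelabs.com \
  wiki.invadelabs.com blog.invadelabs.com
```

Against the sample it prints the three requested names that the listed certificate does not carry.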

Test Renewal

Dry-run:

$ sudo certbot renew --dry-run

Renew Cert Manually

Apache will need to be reloaded manually afterwards.

$ sudo certbot renew

Apache Auto Renew On Cron

Add to root's crontab; this checks twice daily:

0 3,15 * * * certbot renew --apache --quiet

Expand Additional Domains SNI Cert

certbot --expand -d invadelabs.com -d drew.invadelabs.com -d new.invadelabs.com

Old method

./letsencrypt-auto run --apache -d drew-bg.invadelabs.com

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/drew-bg.invadelabs.com/fullchain.pem. Your
   cert will expire on 2016-07-09. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.

SSLCertificateFile /etc/letsencrypt/live/invadelabs.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/invadelabs.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf