LetsEncrypt: Difference between revisions
Jump to navigation
Jump to search
(Created page with "https://letsencrypt.org/howitworks/ <pre> $ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt $ ./letsencrypt-auto --help $ ./letsencrypt-auto --apache IMP...") |
No edit summary |
||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
https:// | Instructions for Debian 9 | ||
< | == certbot == | ||
* https://certbot.eff.org/#debiantesting-apache | |||
$ | * https://certbot.eff.org/docs/using.html | ||
$ | |||
=== Install certbot === | |||
<syntaxhighlight lang=bash> | |||
sudo apt-get install python-certbot-apache certbot | |||
</syntaxhighlight> | |||
=== Obtain SNI Cert === | |||
Manually run due to existing configuration already redirecting port http -> https. Will require a small of downtime `systemctl stop apache2`. | |||
<syntaxhighlight lang=bash> | |||
certbot certonly --manual \ | |||
--cert-name invadelabs.com \ | |||
-d invadelabs.com \ | |||
-d www.invadelabs.com \ | |||
-d drew.invadelabs.com \ | |||
-d wiki.invadelabs.com \ | |||
-d blog.invadelabs.com \ | |||
-m [email protected] \ | |||
--agree-tos | |||
</syntaxhighlight> | |||
=== Check newly Issue Cert === | |||
<syntaxhighlight lang=bash> | |||
root@invadelabs:~# certbot certificates | |||
Saving debug log to /var/log/letsencrypt/letsencrypt.log | |||
------------------------------------------------------------------------------- | |||
Found the following certs: | |||
Certificate Name: invadelabs.com | |||
Domains: invadelabs.com drew.invadelabs.com | |||
Expiry Date: 2018-05-19 08:58:27+00:00 (VALID: 89 days) | |||
Certificate Path: /etc/letsencrypt/live/invadelabs.com/fullchain.pem | |||
Private Key Path: /etc/letsencrypt/live/invadelabs.com/privkey.pem | |||
------------------------------------------------------------------------------- | |||
</syntaxhighlight> | |||
=== Test Renewal === | |||
Dry-run: | |||
<syntaxhighlight lang=bash> | |||
$ sudo certbot renew --dry-run | |||
</syntaxhighlight> | |||
=== Renew Cert Manually === | |||
Will need to manually reload apache. | |||
<syntaxhighlight lang=bash> | |||
$ sudo certbot renew | |||
</syntaxhighlight> | |||
=== Aapache Auto Renew On Cron === | |||
Add to root's cron and check twice daily: | |||
<syntaxhighlight lang=bash> | |||
0 3,15 * * * certbot renew --apache --quiet | |||
</syntaxhighlight> | |||
=== Expand Additional Domains SNI Cert === | |||
<syntaxhighlight lang=bash> | |||
certbot --expand -d invadelabs.com -d drew.invadelabs.com -d new.invadelabs.com | |||
</syntaxhighlight> | |||
== Old method == | |||
<syntaxhighlight lang=bash> | |||
./letsencrypt-auto run --apache -d drew-bg.invadelabs.com | |||
- Congratulations! Your certificate and chain have been saved at | - Congratulations! Your certificate and chain have been saved at | ||
/etc/letsencrypt/live/drew.invadelabs.com/fullchain.pem. Your | /etc/letsencrypt/live/drew-bg.invadelabs.com/fullchain.pem. Your | ||
will expire on 2016- | cert will expire on 2016-07-09. To obtain a new version of the | ||
certificate in the future, simply run Let's Encrypt again. | certificate in the future, simply run Let's Encrypt again. | ||
SSLCertificateFile /etc/letsencrypt/live/invadelabs.com/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/invadelabs.com/privkey.pem | |||
</ | Include /etc/letsencrypt/options-ssl-apache.conf | ||
</syntaxhighlight> |
Latest revision as of 17:46, 27 February 2018
Instructions for Debian 9
certbot
Install certbot
sudo apt-get install python-certbot-apache certbot
Obtain SNI Cert
Manually run due to existing configuration already redirecting port http -> https. Will require a small of downtime `systemctl stop apache2`.
certbot certonly --manual \
--cert-name invadelabs.com \
-d invadelabs.com \
-d www.invadelabs.com \
-d drew.invadelabs.com \
-d wiki.invadelabs.com \
-d blog.invadelabs.com \
-m [email protected] \
--agree-tos
Check newly Issue Cert
root@invadelabs:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: invadelabs.com
Domains: invadelabs.com drew.invadelabs.com
Expiry Date: 2018-05-19 08:58:27+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/invadelabs.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/invadelabs.com/privkey.pem
-------------------------------------------------------------------------------
Test Renewal
Dry-run:
$ sudo certbot renew --dry-run
Renew Cert Manually
Will need to manually reload apache.
$ sudo certbot renew
Aapache Auto Renew On Cron
Add to root's cron and check twice daily:
0 3,15 * * * certbot renew --apache --quiet
Expand Additional Domains SNI Cert
certbot --expand -d invadelabs.com -d drew.invadelabs.com -d new.invadelabs.com
Old method
./letsencrypt-auto run --apache -d drew-bg.invadelabs.com
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/drew-bg.invadelabs.com/fullchain.pem. Your
cert will expire on 2016-07-09. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
SSLCertificateFile /etc/letsencrypt/live/invadelabs.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/invadelabs.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf