ubuntu:certificates:let_s_encrypt_certificates

Differences

This shows you the differences between two versions of the page.

ubuntu:certificates:let_s_encrypt_certificates [2020/05/19 09:30] – [NginX config] peter
ubuntu:certificates:let_s_encrypt_certificates [2021/07/05 08:52] (current) peter
Line 1: Line 1:
 ====== Ubuntu - Certificates - Let's Encrypt Certificates ====== ====== Ubuntu - Certificates - Let's Encrypt Certificates ======
 +
 +----
 +
 +[[Ubuntu:Certificates:Let's Encrypt Certificates:Create and Update a LetsEncrypt SSL Certificate with CertBot|Create and Update a LetsEncrypt SSL Certificate with CertBot]]
 +
 +----
  
 Install the Let's Encrypt client, certbot: Install the Let's Encrypt client, certbot:
Line 14: Line 20:
 </code> </code>
  
 +  * This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
  
 <WRAP info> <WRAP info>
Line 25: Line 32:
 </WRAP> </WRAP>
  
- 
-This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair. 
  
 <WRAP info> <WRAP info>
Line 35: Line 40:
  
  
- +<WRAP info> 
- +**NOTE:** To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:
-To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:+
  
 <code bash> <code bash>
Line 43: Line 47:
 </code> </code>
  
 +</WRAP>
 +
 +
 +<WRAP info>
 +**NOTE:**  The Let's Encrypt client creates a temporary file in webroot-path/.well-known/acme-challenge/ containing the token used by the Let's Encrypt server to verify that you own the domain you are attempting to get a free ssl certificate for.
 +</WRAP>
  
-The Let's Encrypt client creates a temporary file in webroot-path/.well-known/acme-challenge/ containing the token used by the Let's Encrypt server to verify that you own the domain you are attempting to get a free ssl certificate for. 
  
 ---- ----
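
Review bot: The NOTE about the token file in webroot-path/.well-known/acme-challenge/ is now placed directly after the "standalone" example, which answers the challenge from its own built-in webserver and has no webroot-path. Move this NOTE up beside the webroot command that places files below /var/www/example and /var/www/thing, and say there that the existing webserver must serve that directory to the Let's Encrypt server for validation to succeed.
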
Line 77: Line 86:
 webroot-path = /var/www/example/ webroot-path = /var/www/example/
 </file> </file>
 +
 +<WRAP info>
 +**NOTE:**  For multiple domains do not include a space after the comma:
 +
 +<code bash>
 +domains = www.example.com,example.com,www.example2.com,example2.com
 +</code>
 +
 +</WRAP>
 +
 +----
 +
 +===== Generate your first cert =====
 +
 +To generate your first cert, open a shell and execute the letsencrypt-auto script
 +
 +<code bash>
 +# cd /root/letsencrypt
 +# ./letsencrypt-auto --config /etc/letsencrypt/configs/example.com.conf certonly
 +Updating letsencrypt and virtual environment dependencies.......
 +Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/configs/mydomain.conf certonly
 +
 +IMPORTANT NOTES:
 + - Congratulations! Your certificate and chain have been saved at
 +   /etc/letsencrypt/live/www.example.com/fullchain.pem. Your cert will
 +   expire on 2016-02-05. To obtain a new version of the certificate in
 +   the future, simply run Let's Encrypt again.
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  The **certonly** command: we only want to issue certificates and don't want the client to fiddle with our nginx config.
 +</WRAP>
  
 ---- ----
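
Review bot: In the added "Generate your first cert" block the command passes --config /etc/letsencrypt/configs/example.com.conf but the pasted output echoes --config /etc/letsencrypt/configs/mydomain.conf; use one file name in both so readers can match the output to what they ran. The leading "# " root prompts inside <code bash> read as shell comments when the block is copied, so drop them and state in the prose that the commands run as root. The section also depends on ./letsencrypt-auto under /root/letsencrypt while the page opens with "Install the Let's Encrypt client, certbot", so say which client this section expects.
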
Line 135: Line 176:
 ===== Automating renewal ===== ===== Automating renewal =====
  
-The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature.  You can test automatic renewal for your certificates by running this command:+The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. 
 + 
 +Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. 
 + 
 +You can test automatic renewal for your certificates by running this command:
  
 <code bash> <code bash>
Line 155: Line 200:
 done done
  
-**TODO:** Check if letsencrypt-auto is now certbot-auto.  +<WRAP todo> 
 +**TODO:** Check if letsencrypt-auto is now certbot-auto.  
 +</WRAP> 
 + 
  
 # make sure nginx picks them up # make sure nginx picks them up
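
Review bot: The new <WRAP todo> and </WRAP> lines sit between "done" and "# make sure nginx picks them up", which are lines of the renewal shell script. If that script is inside a code or file block, the WRAP markup will not render there and the TODO text becomes a syntax error for anyone who copies the script. Move the TODO outside the block, or keep it in the script as a "#" comment.
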
Line 228: Line 276:
 IMPORTANT:  A DNS entry must exist for the * so ensure this is added. IMPORTANT:  A DNS entry must exist for the * so ensure this is added.
 </WRAP> </WRAP>
 +
 +
 +----
 +
 +===== To Renew manually =====
 +
 +
 +<code bash>
 +letsencrypt certonly --webroot -w /var/www/peterroux.com -d peterroux.com -d www.peterroux.com
 +</code>
  
  
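
Review bot: The new "To Renew manually" section is a bare command with no explanatory sentence, and it uses peterroux.com and /var/www/peterroux.com where the rest of the page uses example.com and /var/www/example. Switch to the placeholder names, add one line tying it to the earlier output text ("To obtain a new version of the certificate in the future, simply run Let's Encrypt again"), and name the client consistently: the page installs certbot, the first-cert section calls ./letsencrypt-auto, and this command calls letsencrypt.
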
ubuntu/certificates/let_s_encrypt_certificates.1589880618.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
