This shows you the differences between two versions of the page.
letsencrypt [2016/01/06 13:44] ian |
letsencrypt [2017/09/10 23:11] ian |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Let's Encrypt ====== | ====== Let's Encrypt ====== | ||
- | https:// | + | https:// |
Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate. | Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate. | ||
- | 1. If the letsencrypt | + | 1. If the certbot |
<note tip> | <note tip> | ||
Line 15: | Line 15: | ||
< | < | ||
- | # cd / | + | # cd /usr/local/sbin |
- | # git clone https://github.com/ | + | # wget https://dl.eff.org/certbot-auto |
- | # cd letsencrypt | + | # chmod +x certbot-auto |
- | # ./letsencrypt-auto --help | + | # ./certbot-auto --help |
</ | </ | ||
- | 2. Install anacron for your distro so that we can schedule | + | 2. Add a weekly script to perform |
< | < | ||
- | # aptitude install anacron | + | # echo '#!/bin/bash |
- | </code> | + | |
- | 3. Add a monthly script to perform the renewals | + | sleep $(( $RANDOM % 1800 )) |
- | < | + | logger " |
- | # echo -e '# | + | |
- | # chmod u+x /etc/cron.monthly/ | + | ' >> /etc/cron.weekly/ |
+ | # chmod u+x /etc/cron.weekly/ | ||
</ | </ | ||
- | 4. Run a manual certificate authorization/ | + | 3. Run a manual certificate authorization/ |
< | < | ||
- | # /usr/local/letsencrypt/letsencrypt-auto certonly | + | /usr/local/sbin/certbot-auto certonly --webroot --webroot-path / |
</ | </ | ||
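Review bot: In the install block, `wget https://dl.eff.org/certbot-auto` is followed directly by `chmod +x certbot-auto` at a root prompt, with no integrity check on the downloaded script; add a step that verifies it (a signature or a pinned checksum) before it is made executable and run. In step 2, the cron script is written with `' >> /etc/cron.weekly/`, so rerunning the step appends a second copy to the same file, shebang included; writing with `>` would make the step repeatable. The certonly command in step 3 also loses the `# ` prompt that the install block still uses, although it needs the same root shell.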
Line 44: | Line 44: | ||
< | < | ||
- | # openssl x509 -text -in / | + | openssl x509 -text -in / |
X509v3 Subject Alternative Name: | X509v3 Subject Alternative Name: | ||
DNS: | DNS: | ||
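Review bot: The only change to the `openssl x509 -text -in` line is dropping the `# ` prompt, while the install block earlier in the page (`# cd /usr/local/sbin` and the lines after it) keeps it; use one convention throughout, so readers can tell which commands need a root shell and which lines are command output.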
Line 50: | Line 50: | ||
</ | </ | ||
- | 5. Add your last letsencrypt certonly command to the cron.monthly shell script | + | 4. < |
- | + | echo '/ | |
- | < | + | |
- | echo "!?certonly?" >> /etc/cron.monthly/ | + | |
</ | </ | ||
Line 64: | Line 62: | ||
</ | </ | ||
- | 6. Manually configure apache to redirect non-SSL requests to the new VirtualHost where SSL is enabled. | + | 5. Manually configure apache to redirect non-SSL requests to the new VirtualHost where SSL is enabled. |
< | < | ||
Line 84: | Line 82: | ||
</ | </ | ||
- | 7. You can repeat steps 4-6 for any additional SSL certificates for other public sites on the server. | + | 6. You can repeat steps 5-6 for any additional SSL certificates for other public sites on the server. |
- | **/ | + | **/ |
< | < | ||
#!/bin/bash | #!/bin/bash | ||
- | / | + | sleep $(( $RANDOM % 1800 )) |
- | /usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path / | + | |
+ | logger " | ||
+ | |||
+ | /usr/local/sbin/certbot-auto renew --deploy-hook " | ||
- | service apache2 reload | + | logger "End: $0" |
</ | </ | ||
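Review bot: The step reference in "6. You can repeat steps 5-6" does not match the renumbering done in this revision: the old text said steps 4-6, and those steps are now 3 (manual certonly run), 4 and 5 (apache redirect), so the sentence should read "steps 3-5". As written, it points at itself and skips the certificate request. The script listing also drops `service apache2 reload` in favour of `renew --deploy-hook`; it is worth stating in the step text that the reload now only happens through the hook, so nobody removes the hook expecting a separate reload line.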