
Let’s Encrypt

Introduction

Let’s Encrypt provides SSL certs for free.

There is unfortunately no wildcard feature yet, but that is fine: just generate certs (sub)domain by (sub)domain.

Installation

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot
#apt-get install python-certbot-apache
#apt-get install python-certbot-nginx

Requirements

On the server that is hosting the public website

Assuming NGINX.

If the vhost is already serving content, make sure a newly created dot-folder is reachable over the web (EFF’s certbot creates .well-known/ and a temporary file in it), e.g.,

webroot=/data/www/vhost.nethence.com/

mkdir -p "$webroot/.check/"
echo "<p>ok" > "$webroot/.check/check.html"

==> https://vhost.nethence.com/.check/check.html

If it isn’t reachable, either fix the nginx config or create another vhost to temporarily replace it (port 80 is fine, no SSL yet). You may also validate several certs one after another just by changing the server name.

mkdir -p /data/www/lets/
vi ~/conf.d/lets.conf

server {
        server_name vhost.nethence.com;
        root /data/www/lets;
        access_log logs/lets.access.log compression;
        error_log  logs/lets.error.log warn;

        location / {
                try_files $uri $uri/ =404;
        }
}

/usr/local/nginx/sbin/nginx -s reload
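
An added pre-flight check (not part of the original page) that repeats the reachability test above against the path certbot's webroot method actually uses, `.well-known/acme-challenge/`, with a random token instead of a fixed file. The function names are hypothetical; it assumes `curl` is installed and takes the webroot and host name as arguments.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of certbot.

# Write a random token where the HTTP-01 challenge files will be created.
# Prints the token on stdout.
make_probe() {
    dir="${1%/}/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s' "$token" > "$dir/probe-$token" || return 1
    printf '%s\n' "$token"
}

# Fetch the probe over plain HTTP on port 80, following redirects,
# and compare the body with the token that was written.
fetch_probe() {
    body=$(curl -fsSL --max-time 10 \
        "http://$1/.well-known/acme-challenge/probe-$2") || return 1
    [ "$body" = "$2" ]
}

remove_probe() {
    rm -f "${1%/}/.well-known/acme-challenge/probe-$2"
}

# preflight WEBROOT HOST: 0 = reachable, 1 = not served, 2 = not writable.
preflight() {
    token=$(make_probe "$1") || { echo "cannot write under $1" >&2; return 2; }
    if fetch_probe "$2" "$token"; then
        echo "ok: $2 serves files from $1"; rc=0
    else
        echo "FAIL: $2 does not serve the challenge path from $1" >&2; rc=1
    fi
    remove_probe "$1" "$token"
    return "$rc"
}

# e.g. sh preflight.sh /data/www/lets vhost.nethence.com
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
    exit $?
fi
```

Run it before `certbot certonly`; the probe file is removed whether or not the fetch succeeds.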

Usage

You can now use EFF’s certbot as root,

certbot certonly
#certbot --nginx certonly

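back up your credentials and new certificates (the directory holds the account key and the certificates’ private keys, so keep the copy readable by root only),

cp -Rp /etc/letsencrypt/ /etc/letsencrypt.$(date +%s)/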
