Difference between revisions of "Https certbot"

From Anarchaserver
 
Latest revision as of 15:55, 9 February 2020

Set up an HTTPS certificate

Following the advice from https://certbot.eff.org

Install certbot and the certificates

Add jessie-backports to the sources list:

sudo nano /etc/apt/sources.list

Add the line:

deb http://ftp.debian.org/debian jessie-backports main

Save, then run:

sudo apt-get update
sudo apt-get install python-certbot-apache -t jessie-backports

Now we can install the certificates for the main domain and a subdomain using:

sudo certbot --apache

If you want to change the configuration of the virtual hosts manually, you can obtain the certificates only, using the webroot plugin (it cannot be combined with --apache, and the domain name takes no trailing slash):

certbot certonly --webroot -w /var/www/ -d anarchaserver.org
certbot certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org

See: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache

Renew automatically

Note:

The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cron job runs certbot renew twice a day, which renews certificates that are within the renewal window.

To test:

certbot renew --dry-run

The command to manually renew all the certificates is:

certbot renew

This command can be added to crontab or run by systemd. The certificates are valid for 3 months, so the check can be done once a week or once a day; see crontab.

Manually renew a certificate inside a container

certbot certonly -a manual -d transitional.anarchaserver.org --preferred-challenges dns

In Gandi, create the TXT record with the name and the content proposed by certbot

Then reload apache2

systemctl reload apache2

Check the certificates

Test on https://www.ssllabs.com/ssltest/
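
The expiry dates can also be checked locally, so that a renewal job that fails silently is noticed; this matters most for the certificate obtained with -a manual, which an unattended certbot renew cannot renew without an authentication hook. The script below is an added example, not part of the original page: it assumes certbot's default /etc/letsencrypt/live layout, GNU date and the openssl tool, and the function names and the 20-day threshold are its own.

```bash
#!/usr/bin/env bash
# Added example: flag certbot certificates that are close to expiry.
# Assumptions: certbot's default /etc/letsencrypt/live/<name>/cert.pem layout,
# GNU date, the openssl command-line tool. Function names are this example's.

# cert_status NOT_AFTER THRESHOLD_DAYS [NOW_EPOCH]
# Prints "OK <days>", "DUE <days>" or "EXPIRED" for an openssl notAfter date.
cert_status() {
    local end now left
    end=$(date -u -d "$1" +%s) || return 2
    now=${3:-$(date -u +%s)}
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$left" -le $(( $2 * 86400 )) ]; then
        echo "DUE $(( left / 86400 ))"
    else
        echo "OK $(( left / 86400 ))"
    fi
}

# check_live [DIR] [THRESHOLD_DAYS]
# Prints one line per certificate and returns 1 if any is DUE, EXPIRED or
# unreadable, so cron or a monitoring probe can alert on the exit status.
# certbot renews at 30 days left by default; 20 means renewal is overdue.
check_live() {
    local dir threshold rc pem not_after status
    dir=${1:-/etc/letsencrypt/live}
    threshold=${2:-20}
    rc=0
    for pem in "$dir"/*/cert.pem; do
        [ -e "$pem" ] || continue
        not_after=$(openssl x509 -in "$pem" -noout -enddate) || { rc=1; continue; }
        status=$(cert_status "${not_after#notAfter=}" "$threshold") || { rc=1; continue; }
        echo "$(basename "$(dirname "$pem")"): $status"
        case $status in OK*) ;; *) rc=1 ;; esac
    done
    return "$rc"
}
```

Calling check_live at the end of the file and running it daily as root from cron turns a non-zero exit status into an alert.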
