Difference between revisions of "Https certbot"
(Created page with "= Set up a https certificate = Following the advices from https://certbot.eff.org == Install certbot and the certificates == add jessie-backports to the sourcelist : sudo nan...") |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
deb http://ftp.debian.org/debian jessie-backports main | deb http://ftp.debian.org/debian jessie-backports main | ||
save and : | save and : | ||
apt-get update | sudo apt-get update | ||
now we can install the certificates using : | sudo apt-get install python-certbot-apache -t jessie-backports | ||
certbot certonly --webroot -w /var/www/ | now we can install the certificates for the main domain and a subdomain using : | ||
sudo certbot --apache | |||
If you want to manually change the configuration of the virtualhosts, then you can : | |||
certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org | |||
certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/ | |||
see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache | |||
== Renew automatically == | |||
Note : | |||
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window. | |||
To test : | |||
certbot renew --dry-run | |||
the command to manually renew all the certificates is : | |||
certbot renew | |||
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see | |||
crontab | |||
* see https://certbot.eff.org/docs/using.html#renewing-certificates | |||
Renew mannually a certificate inside a container | |||
certbot certonly -a manual -d transitional.anarchaserver.org --preferred-challenges dns | |||
Place in gandi the TXT rrecod with the name and the content proposed | |||
'''Than reload apache2''' | |||
systemctl reload apache2 | |||
== Check the certificates == | |||
test on https://www.ssllabs.com/ssltest/ | |||
== references == | == references == | ||
* full documentation https://certbot.eff.org/docs/using.html | * full documentation https://certbot.eff.org/docs/using.html | ||
* https://letsencrypt.org/ | * https://letsencrypt.org/ |
Latest revision as of 15:55, 9 February 2020
Set up a https certificate
Following the advices from https://certbot.eff.org
Install certbot and the certificates
add jessie-backports to the sourcelist :
sudo nano /etc/apt/sources.list
add the line :
deb http://ftp.debian.org/debian jessie-backports main
save and :
sudo apt-get update sudo apt-get install python-certbot-apache -t jessie-backports
now we can install the certificates for the main domain and a subdomain using :
sudo certbot --apache
If you want to manually change the configuration of the virtualhosts, then you can :
certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/
see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache
Renew automatically
Note :
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.
To test :
certbot renew --dry-run
the command to manually renew all the certificates is :
certbot renew
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
crontab
Renew mannually a certificate inside a container
certbot certonly -a manual -d transitional.anarchaserver.org --preferred-challenges dns
Place in gandi the TXT rrecod with the name and the content proposed
Than reload apache2
systemctl reload apache2
Check the certificates
test on https://www.ssllabs.com/ssltest/
references
- full documentation https://certbot.eff.org/docs/using.html
- https://letsencrypt.org/