Difference between revisions of "Https certbot"
From Anarchaserver
Line 19: | Line 19: | ||
== Renew automatically == | == Renew automatically == | ||
the command to renew all the certificates is : | Note : | ||
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window. | |||
To test : | |||
certbot renew --dry-run | |||
the command to manually renew all the certificates is : | |||
certbot renew | certbot renew | ||
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see | this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see | ||
crontab | crontab | ||
* see https://certbot.eff.org/docs/using.html#renewing-certificates | * see https://certbot.eff.org/docs/using.html#renewing-certificates | ||
Revision as of 09:41, 11 October 2016
Set up a https certificate
Following the advices from https://certbot.eff.org
Install certbot and the certificates
add jessie-backports to the sourcelist :
sudo nano /etc/apt/sources.list
add the line :
deb http://ftp.debian.org/debian jessie-backports main
save and :
sudo apt-get update sudo apt-get install python-certbot-apache -t jessie-backports
now we can install the certificates for the main domain and a subdomain using :
sudo certbot --apache
If you want to manually change the configuration of the virtualhosts, then you can :
certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/
see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache
Renew automatically
Note :
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.
To test :
certbot renew --dry-run
the command to manually renew all the certificates is :
certbot renew
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
crontab
Check the certificates
test on https://www.ssllabs.com/ssltest/
references
- full documentation https://certbot.eff.org/docs/using.html
- https://letsencrypt.org/