Difference between revisions of "Https certbot"

From Anarchaserver
Line 19: Line 19:


== Renew automatically ==
== Renew automatically ==
the command to renew all the certificates is :
Note :
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.
 
To test :
certbot renew --dry-run
 
the command to manually renew all the certificates is :
  certbot renew
  certbot renew
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
  crontab
  crontab
for systemd integration, see https://forum.yunohost.org/t/how-to-install-let-s-encrypt-certificates/1075/83
 
* see https://certbot.eff.org/docs/using.html#renewing-certificates
* see https://certbot.eff.org/docs/using.html#renewing-certificates



Revision as of 09:41, 11 October 2016

Set up a https certificate

Following the advices from https://certbot.eff.org

Install certbot and the certificates

add jessie-backports to the sourcelist :

sudo nano /etc/apt/sources.list

add the line :

deb http://ftp.debian.org/debian jessie-backports main

save and :

sudo apt-get update
sudo apt-get install python-certbot-apache -t jessie-backports

now we can install the certificates for the main domain and a subdomain using :

sudo certbot --apache

If you want to manually change the configuration of the virtualhosts, then you can :

certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org
certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/

see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache

Renew automatically

Note :

The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.

To test :

certbot renew --dry-run 

the command to manually renew all the certificates is :

certbot renew

this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see

crontab

Check the certificates

test on https://www.ssllabs.com/ssltest/

references